From 846c617a61c0dda77ad1bc66fb7fcc97b69f159a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 17 Mar 2019 23:34:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2003/0xxx/CVE-2003-0081.json | 240 ++++++++++++------------
2003/0xxx/CVE-2003-0103.json | 130 ++++++-------
2003/0xxx/CVE-2003-0358.json | 170 ++++++++---------
2003/0xxx/CVE-2003-0510.json | 130 ++++++-------
2003/0xxx/CVE-2003-0829.json | 34 ++--
2003/1xxx/CVE-2003-1189.json | 160 ++++++++--------
2003/1xxx/CVE-2003-1369.json | 140 +++++++-------
2003/1xxx/CVE-2003-1421.json | 130 ++++++-------
2003/1xxx/CVE-2003-1585.json | 130 ++++++-------
2004/0xxx/CVE-2004-0136.json | 160 ++++++++--------
2004/0xxx/CVE-2004-0212.json | 230 +++++++++++------------
2004/0xxx/CVE-2004-0621.json | 140 +++++++-------
2004/0xxx/CVE-2004-0799.json | 140 +++++++-------
2004/0xxx/CVE-2004-0963.json | 180 +++++++++---------
2004/1xxx/CVE-2004-1949.json | 210 ++++++++++-----------
2004/2xxx/CVE-2004-2034.json | 170 ++++++++---------
2004/2xxx/CVE-2004-2207.json | 140 +++++++-------
2004/2xxx/CVE-2004-2446.json | 170 ++++++++---------
2008/2xxx/CVE-2008-2012.json | 140 +++++++-------
2008/2xxx/CVE-2008-2378.json | 180 +++++++++---------
2008/2xxx/CVE-2008-2855.json | 140 +++++++-------
2008/2xxx/CVE-2008-2861.json | 170 ++++++++---------
2008/6xxx/CVE-2008-6166.json | 150 +++++++--------
2012/0xxx/CVE-2012-0596.json | 220 +++++++++++-----------
2012/1xxx/CVE-2012-1749.json | 170 ++++++++---------
2012/1xxx/CVE-2012-1779.json | 160 ++++++++--------
2012/5xxx/CVE-2012-5065.json | 130 ++++++-------
2012/5xxx/CVE-2012-5218.json | 130 ++++++-------
2012/5xxx/CVE-2012-5372.json | 160 ++++++++--------
2012/5xxx/CVE-2012-5697.json | 140 +++++++-------
2017/11xxx/CVE-2017-11289.json | 140 +++++++-------
2017/3xxx/CVE-2017-3181.json | 326 ++++++++++++++++-----------------
2017/3xxx/CVE-2017-3316.json | 166 ++++++++---------
2017/3xxx/CVE-2017-3453.json | 228 +++++++++++------------
2017/3xxx/CVE-2017-3470.json | 132 ++++++-------
2017/7xxx/CVE-2017-7451.json | 34 ++--
2017/7xxx/CVE-2017-7590.json | 140 +++++++-------
2017/7xxx/CVE-2017-7796.json | 142 +++++++-------
2017/8xxx/CVE-2017-8011.json | 140 +++++++-------
2017/8xxx/CVE-2017-8350.json | 140 +++++++-------
2017/8xxx/CVE-2017-8652.json | 152 +++++++--------
2018/10xxx/CVE-2018-10044.json | 34 ++--
2018/10xxx/CVE-2018-10214.json | 34 ++--
2018/10xxx/CVE-2018-10817.json | 120 ++++++------
2018/10xxx/CVE-2018-10965.json | 34 ++--
2018/10xxx/CVE-2018-10974.json | 120 ++++++------
2018/12xxx/CVE-2018-12636.json | 130 ++++++-------
2018/13xxx/CVE-2018-13085.json | 120 ++++++------
2018/13xxx/CVE-2018-13345.json | 34 ++--
2018/13xxx/CVE-2018-13443.json | 34 ++--
2018/13xxx/CVE-2018-13511.json | 130 ++++++-------
2018/17xxx/CVE-2018-17403.json | 120 ++++++------
2018/17xxx/CVE-2018-17538.json | 140 +++++++-------
2018/17xxx/CVE-2018-17595.json | 120 ++++++------
2018/17xxx/CVE-2018-17818.json | 34 ++--
55 files changed, 3819 insertions(+), 3819 deletions(-)
diff --git a/2003/0xxx/CVE-2003-0081.json b/2003/0xxx/CVE-2003-0081.json
index 25ba16053b7..f16a51b1b9b 100644
--- a/2003/0xxx/CVE-2003-0081.json
+++ b/2003/0xxx/CVE-2003-0081.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030308 Ethereal format string bug, yet still ethereal much better than windows", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html" - }, - { - "name" : "http://www.guninski.com/etherre.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/etherre.html" - }, - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html" - }, - { - "name" : "CLSA-2003:627", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627" - }, - { - "name" : "DSA-258", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2003/dsa-258" - }, - { - "name" : "GLSA-200303-10", - "refsource" : "GENTOO", - "url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html" - }, - { - "name" : "MDKSA-2003:051", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051" - }, - { - "name" : "RHSA-2003:076", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-076.html" - }, - { - "name" : "RHSA-2003:077", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html" - }, - { - "name" : "SuSE-SA:2003:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html" - }, - { - "name" : "7049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7049" - }, - { - "name" : "ethereal-socks-format-string(11497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11497" - }, - { - "name" : "oval:org.mitre.oval:def:54", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:077", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-077.html" + }, + { + "name": "SuSE-SA:2003:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00008.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00008.html" + }, + { + "name": "GLSA-200303-10", + "refsource": "GENTOO", + "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html" + }, + { + "name": "ethereal-socks-format-string(11497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11497" + }, + { + "name": "20030308 Ethereal format string bug, yet still ethereal much better than windows", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html" + }, + { + "name": "CLSA-2003:627", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627" + }, + { + "name": "MDKSA-2003:051", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051" + }, + { + "name": "RHSA-2003:076", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-076.html" + }, + { + "name": "DSA-258", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-258" + }, + { + "name": "http://www.guninski.com/etherre.html", + "refsource": "MISC", + "url": "http://www.guninski.com/etherre.html" + }, + { + "name": "oval:org.mitre.oval:def:54", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54" + }, + { + "name": "7049", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/7049" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0103.json b/2003/0xxx/CVE-2003-0103.json index 9cd49c70bbd..67899a8643b 100644 --- a/2003/0xxx/CVE-2003-0103.json +++ b/2003/0xxx/CVE-2003-0103.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6952" - }, - { - "name" : "nokia-6210-vcard-dos(11421)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11421.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nokia-6210-vcard-dos(11421)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11421.php" + }, + { + "name": "6952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6952" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0358.json b/2003/0xxx/CVE-2003-0358.json index 45429ab0cfa..a6f28912283 100644 --- a/2003/0xxx/CVE-2003-0358.json +++ b/2003/0xxx/CVE-2003-0358.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0" - }, - { - "name" : "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt", - "refsource" : "CONFIRM", - "url" : "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt" - }, - { - "name" : "DSA-316", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-316" - }, - { - "name" : "DSA-350", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-350" - }, - { - "name" : "6806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6806" - }, - { - "name" : "nethack-s-command-bo(11283)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-350", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-350" + }, + { + "name": "DSA-316", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-316" + }, + { + "name": "nethack-s-command-bo(11283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283" + }, + { + "name": "6806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6806" + }, + { + "name": "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0" + }, + { + "name": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt", + "refsource": "CONFIRM", + "url": "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0510.json b/2003/0xxx/CVE-2003-0510.json index 02dc2f18e30..cad45084998 100644 --- a/2003/0xxx/CVE-2003-0510.json +++ b/2003/0xxx/CVE-2003-0510.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the \"sessions\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030701 ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105709355110281&w=2" - }, - { - "name" : "http://druglord.freelsd.org/ezbounce/", - "refsource" : "CONFIRM", - "url" : "http://druglord.freelsd.org/ezbounce/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the \"sessions\" command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030701 ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105709355110281&w=2" + }, + { + "name": "http://druglord.freelsd.org/ezbounce/", + "refsource": "CONFIRM", + "url": "http://druglord.freelsd.org/ezbounce/" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0829.json b/2003/0xxx/CVE-2003-0829.json index cc80ab69703..8134cede916 100644 --- a/2003/0xxx/CVE-2003-0829.json +++ b/2003/0xxx/CVE-2003-0829.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0829", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0829", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1189.json b/2003/1xxx/CVE-2003-1189.json index aa8e949aaee..85658ef4149 100644 --- a/2003/1xxx/CVE-2003-1189.json +++ b/2003/1xxx/CVE-2003-1189.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8928", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8928" - }, - { - "name" : "2724", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2724" - }, - { - "name" : "1007992", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007992" - }, - { - "name" : "10083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10083" - }, - { - "name" : "nokia-ipso-ipcluster-dos(13539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows 
remote attackers to cause a denial of service via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1007992", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007992" + }, + { + "name": "8928", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8928" + }, + { + "name": "nokia-ipso-ipcluster-dos(13539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13539" + }, + { + "name": "10083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10083" + }, + { + "name": "2724", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2724" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1369.json b/2003/1xxx/CVE-2003-1369.json index f8e40f14aab..2c4f27bb5bb 100644 --- a/2003/1xxx/CVE-2003-1369.json +++ b/2003/1xxx/CVE-2003-1369.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030204 Banner Buffer Overflows found in Multible FTP Clients", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html" - }, - { - "name" : "6762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6762" - }, - { - "name" : "bytecatcher-ftp-banner-bo(11235)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long 
FTP server banner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6762" + }, + { + "name": "bytecatcher-ftp-banner-bo(11235)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11235" + }, + { + "name": "20030204 Banner Buffer Overflows found in Multible FTP Clients", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1421.json b/2003/1xxx/CVE-2003-1421.json index e9685282281..437d341b179 100644 --- a/2003/1xxx/CVE-2003-1421.json +++ b/2003/1xxx/CVE-2003-1421.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6854" - }, - { - "name" : "suckbot-modmysqllogger-dos(11340)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6854" + }, + { + "name": "suckbot-modmysqllogger-dos(11340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11340" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1585.json b/2003/1xxx/CVE-2003-1585.json index 92d294e3fb5..43afb9b5c75 100644 --- a/2003/1xxx/CVE-2003-1585.json +++ b/2003/1xxx/CVE-2003-1585.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313867" - }, - { - "name" : "weblogexpert-domain-name-xss(56647)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "weblogexpert-domain-name-xss(56647)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56647" + }, + { + "name": "20030304 Log corruption on multiple webservers, log analyzers,...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313867" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0136.json b/2004/0xxx/CVE-2004-0136.json index adce6ab3839..b994ae2395e 100644 --- a/2004/0xxx/CVE-2004-0136.json +++ b/2004/0xxx/CVE-2004-0136.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a \"corrupted binary.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040601-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc" - }, - { - "name" : "7123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7123" - }, - { - "name" : "11872", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11872" - }, - { - "name" : "irix-mapelf32exec-dos(16416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16416" - }, - { - "name" : "10547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mapelf32exec function call in 
IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a \"corrupted binary.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "irix-mapelf32exec-dos(16416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16416" + }, + { + "name": "7123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7123" + }, + { + "name": "10547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10547" + }, + { + "name": "20040601-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc" + }, + { + "name": "11872", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11872" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0212.json b/2004/0xxx/CVE-2004-0212.json index a0cf683ce06..7bbf94f99a1 100644 --- a/2004/0xxx/CVE-2004-0212.json +++ b/2004/0xxx/CVE-2004-0212.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040714 Microsoft Windows Task Scheduler '.job' Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108981273009250&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/mstaskjob.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/mstaskjob.txt" - }, - { - "name" : "20040714 Unchecked buffer in mstask.dll", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108981403025596&w=2" - }, - { - "name" : "MS04-022", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" - }, - { - "name" : "TA04-196A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" - }, - { - "name" : "VU#228028", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/228028" - }, - { - "name" : "oval:org.mitre.oval:def:1344", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" - }, - { - "name" : "oval:org.mitre.oval:def:1781", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" - }, - { - "name" : "oval:org.mitre.oval:def:1964", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" - }, - { - "name" : "oval:org.mitre.oval:def:3428", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" - }, - { - "name" : "12060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12060" - }, - { - "name" : "win-taskscheduler-bo(16591)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040714 Unchecked buffer in mstask.dll", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108981403025596&w=2" + }, + { + "name": "win-taskscheduler-bo(16591)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16591" + }, + { + "name": "http://www.ngssoftware.com/advisories/mstaskjob.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/mstaskjob.txt" + }, + { + "name": "TA04-196A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html" + }, + { + "name": "oval:org.mitre.oval:def:3428", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3428" + }, + { + "name": "oval:org.mitre.oval:def:1344", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1344" + }, + { + "name": "20040714 Microsoft Windows Task Scheduler '.job' Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108981273009250&w=2" + }, + { + "name": "oval:org.mitre.oval:def:1964", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1964" + }, + { + "name": "oval:org.mitre.oval:def:1781", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1781" + }, + { + "name": "VU#228028", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/228028" + }, + { + "name": "MS04-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-022" + }, + { + "name": "12060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12060" + } + ] + } +} \ No 
newline at end of file diff --git a/2004/0xxx/CVE-2004-0621.json b/2004/0xxx/CVE-2004-0621.json index bc8add60aa6..d5f8850ab34 100644 --- a/2004/0xxx/CVE-2004-0621.json +++ b/2004/0xxx/CVE-2004-0621.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040624 ZWS Newsletter & Mailing List Manager", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108811585025216&w=2" - }, - { - "name" : "zws-gain-admin-access(16507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16507" - }, - { - "name" : "10605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 
(administrator level), which lists all users and their passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zws-gain-admin-access(16507)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16507" + }, + { + "name": "20040624 ZWS Newsletter & Mailing List Manager", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108811585025216&w=2" + }, + { + "name": "10605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10605" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0799.json b/2004/0xxx/CVE-2004-0799.json index c965f9407d6..ba66c5a9881 100644 --- a/2004/0xxx/CVE-2004-0799.json +++ b/2004/0xxx/CVE-2004-0799.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using \"prn.htm\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040916 Ipswitch WhatsUp Gold Remote Denial of Service Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=142&type=vulnerabilities" - }, - { - "name" : "http://www.ipswitch.com/Support/WhatsUp/patch-upgrades.html", - "refsource" : "CONFIRM", - "url" : "http://www.ipswitch.com/Support/WhatsUp/patch-upgrades.html" - }, - { - "name" : "whatsup-get-prn-dos(17418)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP daemon in 
Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using \"prn.htm\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "whatsup-get-prn-dos(17418)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17418" + }, + { + "name": "20040916 Ipswitch WhatsUp Gold Remote Denial of Service Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=142&type=vulnerabilities" + }, + { + "name": "http://www.ipswitch.com/Support/WhatsUp/patch-upgrades.html", + "refsource": "CONFIRM", + "url": "http://www.ipswitch.com/Support/WhatsUp/patch-upgrades.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0963.json b/2004/0xxx/CVE-2004-0963.json index 535104ee1b1..8b5ea450fe8 100644 --- a/2004/0xxx/CVE-2004-0963.json +++ b/2004/0xxx/CVE-2004-0963.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 [HV-HIGH] MS Word multiple exceptions, at least one exploitable", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109716247230733&w=2" - }, - { - "name" : "MS05-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-023" - }, - { - "name" : "oval:org.mitre.oval:def:1795", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1795" - }, - { - "name" : "oval:org.mitre.oval:def:2105", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2105" - }, - { - "name" : "oval:org.mitre.oval:def:2216", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2216" - }, - { - "name" : "oval:org.mitre.oval:def:420", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A420" - }, - { - "name" : "word-file-parsing-bo(17635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS05-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-023" + }, + { + "name": "oval:org.mitre.oval:def:2216", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2216" + }, + { + "name": "oval:org.mitre.oval:def:420", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A420" + }, + { + "name": "20041006 [HV-HIGH] MS Word multiple exceptions, at least one exploitable", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109716247230733&w=2" + }, + { + "name": "oval:org.mitre.oval:def:2105", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2105" + }, + { + "name": "oval:org.mitre.oval:def:1795", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1795" + }, + { + "name": "word-file-parsing-bo(17635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17635" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1949.json b/2004/1xxx/CVE-2004-1949.json index 379497d8b0c..46dd8ea5c7f 100644 --- a/2004/1xxx/CVE-2004-1949.json +++ b/2004/1xxx/CVE-2004-1949.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html" - }, - { - "name" : "20040420 [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108256503718978&w=2" - }, - { - "name" : "http://news.postnuke.com/Article2580.html", - "refsource" : "CONFIRM", - "url" : "http://news.postnuke.com/Article2580.html" - }, - { - "name" : "10146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10146" - }, - { - "name" : "5368", - "refsource" : 
"OSVDB", - "url" : "http://www.osvdb.org/5368" - }, - { - "name" : "5369", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5369" - }, - { - "name" : "1009801", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009801" - }, - { - "name" : "11386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11386" - }, - { - "name" : "postnuke-indexphp-sql-injection(15869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15869" - }, - { - "name" : "postnuke-changeinfo-sql-injection(15875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5369", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5369" + }, + { + "name": "10146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10146" + }, + { + "name": "http://news.postnuke.com/Article2580.html", + "refsource": "CONFIRM", + "url": "http://news.postnuke.com/Article2580.html" + }, + { + "name": "postnuke-indexphp-sql-injection(15869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15869" + }, + { + "name": "20040420 [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108256503718978&w=2" + }, + { + "name": "20040414 [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020154.html" + }, + { + "name": "5368", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5368" + }, + { + "name": "1009801", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009801" + }, + { + "name": "postnuke-changeinfo-sql-injection(15875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15875" + }, + { + "name": "11386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11386" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2034.json b/2004/2xxx/CVE-2004-2034.json index 6503215a964..477498f704d 100644 --- a/2004/2xxx/CVE-2004-2034.json +++ b/2004/2xxx/CVE-2004-2034.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040527 WildTangent Web Driver Long FileName Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108569235217149&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/wildtangent.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/wildtangent.txt" - }, - { - "name" : "10421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10421" - }, - { - "name" : "6445", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6445" - }, - { - "name" : "11727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11727" - }, - { - "name" : "wildtangent-wthoster-webdriver-bo(16266)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/16266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040527 WildTangent Web Driver Long FileName Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108569235217149&w=2" + }, + { + "name": "6445", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6445" + }, + { + "name": "11727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11727" + }, + { + "name": "10421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10421" + }, + { + "name": "wildtangent-wthoster-webdriver-bo(16266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16266" + }, + { + "name": "http://www.ngssoftware.com/advisories/wildtangent.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/wildtangent.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2207.json b/2004/2xxx/CVE-2004-2207.json index 3e850eba448..88fba8c0c6d 100644 --- a/2004/2xxx/CVE-2004-2207.json +++ b/2004/2xxx/CVE-2004-2207.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxpatrol.com/advdetails.asp?id=14", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/advdetails.asp?id=14" - }, - { - "name" : "http://www.maxpatrol.com/mp_advisory.asp", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/mp_advisory.asp" - }, - { - "name" : "11424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maxpatrol.com/mp_advisory.asp", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/mp_advisory.asp" + }, + { + "name": "http://www.maxpatrol.com/advdetails.asp?id=14", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/advdetails.asp?id=14" + }, + { + "name": "11424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11424" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2446.json b/2004/2xxx/CVE-2004-2446.json index b263f434c87..7f1d34f2e0a 100644 --- a/2004/2xxx/CVE-2004-2446.json +++ b/2004/2xxx/CVE-2004-2446.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a \"..\" (dot dot) sequences in unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/1st%20Class%20mail%20server%204.01.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/1st%20Class%20mail%20server%204.01.txt" - }, - { - "name" : "10089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10089" - }, - { - "name" : "5011", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5011" - }, - { - "name" : "1009705", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/alerts/2004/Apr/1009705.html" - }, - { - "name" : "11330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11330" - }, - { - "name" : "1stclass-dotdot-directory-traversal(15812)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a \"..\" (dot dot) sequences in unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1stclass-dotdot-directory-traversal(15812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15812" + }, + { + "name": "1009705", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/alerts/2004/Apr/1009705.html" + }, + { + "name": "11330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11330" + }, + { + "name": "http://members.lycos.co.uk/r34ct/main/1st%20Class%20mail%20server%204.01.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/1st%20Class%20mail%20server%204.01.txt" + }, + { + "name": "5011", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5011" + }, + { + "name": "10089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10089" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2012.json b/2008/2xxx/CVE-2008-2012.json index 41d0a8b904b..2a0416cde3d 100644 --- a/2008/2xxx/CVE-2008-2012.json +++ b/2008/2xxx/CVE-2008-2012.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5495", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5495" - }, - { - "name" : "28931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28931" - }, - { - "name" : "postschedule-index-sql-injection(42010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28931" + }, + { + "name": "5495", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5495" + }, + { + "name": "postschedule-index-sql-injection(42010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42010" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2378.json b/2008/2xxx/CVE-2008-2378.json index f5098ef1da9..bbfb89725da 100644 --- a/2008/2xxx/CVE-2008-2378.json +++ b/2008/2xxx/CVE-2008-2378.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182" - }, - { - "name" : "DSA-1668", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1668" - }, - { - "name" : "32421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32421" - }, - { - "name" : "50231", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50231" - }, - { - "name" : "32831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32831" - }, - { - "name" : "32855", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32855" - }, - { - "name" : 
"hf-hfkernel-privilege-escalation(46806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 allows local users to gain privileges via a Trojan horse killall program in a directory in the PATH, related to improper handling of the -k option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hf-hfkernel-privilege-escalation(46806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46806" + }, + { + "name": "32855", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32855" + }, + { + "name": "50231", + "refsource": "OSVDB", + "url": "http://osvdb.org/50231" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504182" + }, + { + "name": "DSA-1668", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1668" + }, + { + "name": "32421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32421" + }, + { + "name": "32831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32831" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2855.json b/2008/2xxx/CVE-2008-2855.json index 7cba55c19ab..9a970baa4ed 100644 --- a/2008/2xxx/CVE-2008-2855.json +++ b/2008/2xxx/CVE-2008-2855.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5860", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5860" - }, - { - "name" : "29818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29818" - }, - { - "name" : "ownrs-clanek-xss(43186)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29818" + }, + { + "name": "5860", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5860" + }, + { + "name": "ownrs-clanek-xss(43186)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43186" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2861.json b/2008/2xxx/CVE-2008-2861.json index d1bee1494f8..74c614bded7 100644 --- a/2008/2xxx/CVE-2008-2861.json +++ b/2008/2xxx/CVE-2008-2861.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080619 eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493473/100/0/threaded" - }, - { - "name" : "5859", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5859" - }, - { - "name" : "29812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29812" - }, - { - "name" : "30762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30762" - }, - { - "name" : "3957", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3957" - }, - { - "name" : 
"esc-ansfaq-login-xss(43191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3957", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3957" + }, + { + "name": "5859", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5859" + }, + { + "name": "esc-ansfaq-login-xss(43191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43191" + }, + { + "name": "29812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29812" + }, + { + "name": "20080619 eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493473/100/0/threaded" + }, + { + "name": "30762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30762" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6166.json b/2008/6xxx/CVE-2008-6166.json index ff58aed02ba..2ba8ad7e03f 100644 --- a/2008/6xxx/CVE-2008-6166.json +++ b/2008/6xxx/CVE-2008-6166.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6827", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6827" - }, - { - "name" : "31902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31902" - }, - { - "name" : "32365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32365" - }, - { - "name" : "kbase-id-sql-injection(46076)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6827", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6827" + }, + { + "name": "32365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32365" + }, + { + "name": "kbase-id-sql-injection(46076)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46076" + }, + { + "name": "31902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31902" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0596.json b/2012/0xxx/CVE-2012-0596.json index 72a9f95f303..dc812ce6618 100644 --- a/2012/0xxx/CVE-2012-0596.json +++ b/2012/0xxx/CVE-2012-0596.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79918", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/79918" - }, - { - "name" : "oval:org.mitre.oval:def:16974", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16974" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120596-code-execution(73815)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "79918", + "refsource": "OSVDB", + "url": "http://osvdb.org/79918" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "apple-webkit-cve20120596-code-execution(73815)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73815" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "oval:org.mitre.oval:def:16974", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16974" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1749.json b/2012/1xxx/CVE-2012-1749.json index a379b4db696..41ca2337a04 100644 --- a/2012/1xxx/CVE-2012-1749.json +++ b/2012/1xxx/CVE-2012-1749.json 
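Review bot: `"ASSIGNER"` changes here from `cve@mitre.org` to `product-security@apple.com`, the one semantic change in this hunk, while `vendor_name`, `product_name` and `version_value` all stay `n/a`. Tooling that matches records on the `affects` block still gets nothing for this entry, because the product and versions (iOS before 5.1, iTunes before 10.6) exist only in the free-text description. If the record is being attributed to the vendor, filling in at least `"vendor_name": "Apple"` would make it matchable; the exact product naming is the assigner's call. The hunks for CVE-2012-1749 and CVE-2012-5065 (ASSIGNER `secalert_us@oracle.com`) and CVE-2012-5218 (`hp-security-alert@hp.com`) have the same gap.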
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54516" - }, - { - "name" : "83915", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83915" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "fusionmiddleware-mvm-info-disc(76996)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83915", + "refsource": "OSVDB", + "url": "http://osvdb.org/83915" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "54516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54516" + }, + { + "name": "fusionmiddleware-mvm-info-disc(76996)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76996" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1779.json b/2012/1xxx/CVE-2012-1779.json index bee248a604e..63ddef3faa6 100644 --- a/2012/1xxx/CVE-2012-1779.json +++ b/2012/1xxx/CVE-2012-1779.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/110212/idev-BusinessDirectory-3.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/110212/idev-BusinessDirectory-3.0-Cross-Site-Scripting.html" - }, - { - "name" : "52171", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52171" - }, - { - "name" : "79636", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79636" - }, - { - "name" : "48173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48173" - }, - { - "name" : "idevbusinessdirectory-index-xss(73505)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73505" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/110212/idev-BusinessDirectory-3.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/110212/idev-BusinessDirectory-3.0-Cross-Site-Scripting.html" + }, + { + "name": "idevbusinessdirectory-index-xss(73505)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73505" + }, + { + "name": "79636", + "refsource": "OSVDB", + "url": "http://osvdb.org/79636" + }, + { + "name": "48173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48173" + }, + { + "name": "52171", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52171" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5065.json b/2012/5xxx/CVE-2012-5065.json index 6d03a74eafc..b8ca836a5f6 100644 --- a/2012/5xxx/CVE-2012-5065.json +++ b/2012/5xxx/CVE-2012-5065.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect integrity via unknown vectors related to ImagePicker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 
11.1.1.6.0 allows local users to affect integrity via unknown vectors related to ImagePicker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5218.json b/2012/5xxx/CVE-2012-5218.json index 1ff9c88cae4..86cc475ffab 100644 --- a/2012/5xxx/CVE-2012-5218.json +++ b/2012/5xxx/CVE-2012-5218.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-5218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF02865", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03727435-1" - }, - { - "name" : "SSRT101158", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03727435-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating 
systems via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBHF02865", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03727435-1" + }, + { + "name": "SSRT101158", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03727435-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5372.json b/2012/5xxx/CVE-2012-5372.json index 27c3d1aac88..13361e7bb76 100644 --- a/2012/5xxx/CVE-2012-5372.json +++ b/2012/5xxx/CVE-2012-5372.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://2012.appsec-forum.ch/conferences/#c17", - "refsource" : "MISC", - "url" : "http://2012.appsec-forum.ch/conferences/#c17" - }, - { - "name" : "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", - "refsource" : "MISC", - "url" : "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" - }, - { - "name" : "http://www.ocert.org/advisories/ocert-2012-001.html", - "refsource" : "MISC", - "url" : 
"http://www.ocert.org/advisories/ocert-2012-001.html" - }, - { - "name" : "https://www.131002.net/data/talks/appsec12_slides.pdf", - "refsource" : "MISC", - "url" : "https://www.131002.net/data/talks/appsec12_slides.pdf" - }, - { - "name" : "56670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rubinius computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", + "refsource": "MISC", + "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" + }, + { + "name": "https://www.131002.net/data/talks/appsec12_slides.pdf", + "refsource": "MISC", + "url": "https://www.131002.net/data/talks/appsec12_slides.pdf" + }, + { + "name": "http://2012.appsec-forum.ch/conferences/#c17", + "refsource": "MISC", + "url": "http://2012.appsec-forum.ch/conferences/#c17" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2012-001.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2012-001.html" + }, + { + "name": "56670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56670" + } + ] + } +} \ No newline at end of file 
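Review bot: The `reference_data` array holds the same five entries in a different order, and neither the old nor the new order is sorted by `name`, `refsource` or `url`. Order churn like this buries the substantive edits of a sync, such as the `ASSIGNER` changes in the CVE-2012-5065 and CVE-2012-5218 hunks, and makes the record history harder to audit. It looks as if the exporter does not emit references in a stable order; sorting by `url` before serialising would keep future diffs limited to real changes. The same reordering appears in the CVE-2012-5697, CVE-2017-11289, CVE-2017-3316 and CVE-2017-3453 hunks. Each visible hunk also drops the file's trailing newline (`\ No newline at end of file`).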
diff --git a/2012/5xxx/CVE-2012-5697.json b/2012/5xxx/CVE-2012-5697.json index feea0708c02..21926d8d38f 100644 --- a/2012/5xxx/CVE-2012-5697.json +++ b/2012/5xxx/CVE-2012-5697.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/georgiaweidman/statuses/269138431567855618", - "refsource" : "MISC", - "url" : "https://twitter.com/georgiaweidman/statuses/269138431567855618" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23123", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23123" - }, - { - "name" : "51415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The btinstall installation script in Bulb 
Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23123", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23123" + }, + { + "name": "https://twitter.com/georgiaweidman/statuses/269138431567855618", + "refsource": "MISC", + "url": "https://twitter.com/georgiaweidman/statuses/269138431567855618" + }, + { + "name": "51415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51415" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11289.json b/2017/11xxx/CVE-2017-11289.json index 3a834573e2e..640abc37f8f 100644 --- a/2017/11xxx/CVE-2017-11289.json +++ b/2017/11xxx/CVE-2017-11289.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Connect 9.6.2 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Connect 9.6.2 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Connect 9.6.2 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Connect 9.6.2 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/connect/apsb17-35.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/connect/apsb17-35.html" - }, - { - "name" : "101838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101838" - }, - { - "name" : "1039799", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was 
discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/connect/apsb17-35.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/connect/apsb17-35.html" + }, + { + "name": "1039799", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039799" + }, + { + "name": "101838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101838" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3181.json b/2017/3xxx/CVE-2017-3181.json index 90d04c81151..ef7c15cb234 100644 --- a/2017/3xxx/CVE-2017-3181.json +++ b/2017/3xxx/CVE-2017-3181.json 
@@ -1,165 +1,165 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3181", - "STATE" : "PUBLIC", - "TITLE" : "Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spotfire Analyst", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "7.7.0", - "version_value" : "7.7.0" - } - ] - } - }, - { - "product_name" : "Spotfire Connectors", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "7.6.0", - "version_value" : "7.6.0" - } - ] - } - }, - { - "product_name" : "Spotfire Deployment Kit", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "7.7.0", - "version_value" : "7.7.0" - } - ] - } - }, - { - "product_name" : "Spotfire Desktop", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "7.6.0", - "version_value" : "7.6.0" - }, - { - "affected" : "=", - "version_name" : "7.7.0", - "version_value" : "7.7.0" - } - ] - } - }, - { - "product_name" : "Spotfire Desktop Developer Edition", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "7.7.0", - "version_value" : "7.7.0" - } - ] - } - }, - { - "product_name" : "Spotfire Desktop Language Packs", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "7.6.0", - "version_value" : "7.6.0" - }, - { - "affected" : "=", - "version_name" : "7.7.0", - "version_value" : "7.7.0" - } - ] - } - }, - { - "product_name" : "Spotfire Web Player Client", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - }, - { - "product_name" : "Spotfire Client", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - 
} - } - ] - }, - "vendor_name" : "TIBCO" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-89" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3181", + "STATE": "PUBLIC", + "TITLE": "Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spotfire Analyst", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "7.7.0", + "version_value": "7.7.0" + } + ] + } + }, + { + "product_name": "Spotfire Connectors", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "7.6.0", + "version_value": "7.6.0" + } + ] + } + }, + { + "product_name": "Spotfire Deployment Kit", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "7.7.0", + 
"version_value": "7.7.0" + } + ] + } + }, + { + "product_name": "Spotfire Desktop", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "7.6.0", + "version_value": "7.6.0" + }, + { + "affected": "=", + "version_name": "7.7.0", + "version_value": "7.7.0" + } + ] + } + }, + { + "product_name": "Spotfire Desktop Developer Edition", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "7.7.0", + "version_value": "7.7.0" + } + ] + } + }, + { + "product_name": "Spotfire Desktop Language Packs", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "7.6.0", + "version_value": "7.6.0" + }, + { + "affected": "=", + "version_name": "7.7.0", + "version_value": "7.7.0" + } + ] + } + }, + { + "product_name": "Spotfire Web Player Client", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + }, + { + "product_name": "Spotfire Client", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181" - }, - { - "name" : "95696", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/95696" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. 
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181" + }, + { + "name": "95696", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/95696" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3316.json b/2017/3xxx/CVE-2017-3316.json index 6bd08ef40b3..7fa2179b548 100644 --- a/2017/3xxx/CVE-2017-3316.json +++ b/2017/3xxx/CVE-2017-3316.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 5.0.32" - }, - { - "version_value" : "prior to 5.1.14" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "prior to 5.0.32" + }, + { + "version_value": "prior to 5.1.14" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41196", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41196/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "GLSA-201702-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-08" - }, - { - "name" : "95579", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95579" - }, - { - "name" : "1037638", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-08" + }, + { + "name": "41196", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41196/" + }, + { + "name": "95579", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95579" + }, + { + "name": "1037638", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037638" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3453.json b/2017/3xxx/CVE-2017-3453.json index 77b56c6c2a5..13d2802e5db 100644 --- a/2017/3xxx/CVE-2017-3453.json +++ b/2017/3xxx/CVE-2017-3453.json 
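Review bot: The `problemtype` description on the new side is the CVSS vector `CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H`, which is a severity metric rather than a weakness class. Consumers that read `problemtype` to group records by CWE get nothing usable here, and a vector stored there is unlikely to be read as a score. I would move the vector into the record's `impact` block and put a weakness description in `problemtype`, or `"n/a"` until the assigner supplies one. Separately, `"version_value": "prior to 5.0.32"` is free text with no `version_affected` operator, so the affected range cannot be evaluated automatically.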
@@ -1,116 +1,116 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.54 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.6.35 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.54 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.6.35 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3834", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3834" - }, - { - "name" : "DSA-3944", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3944" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "RHSA-2018:0279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0279" - }, - { - "name" : "RHSA-2018:0574", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0574" - }, - { - "name" : "97776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97776" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "97776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97776" + }, + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2018:0574", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0574" + }, + { + "name": "DSA-3944", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3944" + }, + { + "name": "RHSA-2018:0279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0279" + }, + { + "name": "DSA-3834", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3834" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3470.json b/2017/3xxx/CVE-2017-3470.json index d758fcad811..28126fe965d 100644 --- a/2017/3xxx/CVE-2017-3470.json +++ b/2017/3xxx/CVE-2017-3470.json 
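Review bot: Each `version_data` entry pairs `"version_affected": "="` with a range written as text, for example `"version_value": "5.5.54 and earlier"`. A consumer that honours the operator treats only that literal string as affected and will not flag 5.5.53 or older, so vulnerable MySQL Server installations can be missed in automated matching. Expressing the range in the operator keeps the data consistent with the description: `"version_affected": "<="` with `"version_value": "5.5.54"`, and likewise for 5.6.35 and 5.7.17. The `problemtype` value here is also impact prose copied from the description rather than a weakness identifier.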
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-3470",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Communications Security Gateway",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "3.0.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). The supported version that is affected is 3.0.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise Oracle Communications Security Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Security Gateway. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise Oracle Communications Security Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Security Gateway."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-3470",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Communications Security Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
- },
- {
- "name" : "97792",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97792"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). The supported version that is affected is 3.0.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise Oracle Communications Security Gateway. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Security Gateway. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via ICMP Ping to compromise Oracle Communications Security Gateway.
Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Security Gateway."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
+ },
+ {
+ "name": "97792",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97792"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7451.json b/2017/7xxx/CVE-2017-7451.json
index 1528e6fdcac..3e734ea1b79 100644
--- a/2017/7xxx/CVE-2017-7451.json
+++ b/2017/7xxx/CVE-2017-7451.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7451",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7451",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7590.json b/2017/7xxx/CVE-2017-7590.json
index 6bb8867fc52..641523dc15b 100644
--- a/2017/7xxx/CVE-2017-7590.json
+++ b/2017/7xxx/CVE-2017-7590.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7590",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7590",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/",
- "refsource" : "MISC",
- "url" : "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/"
- },
- {
- "name" : "https://backstage.forgerock.com/knowledge/kb/article/a92936505",
- "refsource" : "CONFIRM",
- "url" : "https://backstage.forgerock.com/knowledge/kb/article/a92936505"
- },
- {
- "name" : "98044",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98044"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting
(XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/",
+ "refsource": "MISC",
+ "url": "http://www.rootlabs.com.br/forgerock-persistent-and-reflected-cross-site-scripting-xss/"
+ },
+ {
+ "name": "98044",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98044"
+ },
+ {
+ "name": "https://backstage.forgerock.com/knowledge/kb/article/a92936505",
+ "refsource": "CONFIRM",
+ "url": "https://backstage.forgerock.com/knowledge/kb/article/a92936505"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7796.json b/2017/7xxx/CVE-2017-7796.json
index 22eef14e674..ac31d804fb3 100644
--- a/2017/7xxx/CVE-2017-7796.json
+++ b/2017/7xxx/CVE-2017-7796.json
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2017-7796",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "55"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "On Windows systems, the logger run by the Windows updater deletes the file \"update.log\" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named \"update.log\" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Windows updater can delete any file named update.log"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2017-7796",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "55"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1234401",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1234401"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/"
- },
- {
- "name" : "1039124",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039124"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On Windows systems, the logger run by the Windows updater deletes the file \"update.log\" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named \"update.log\" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Windows updater can delete any file named update.log"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-18/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-18/"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234401",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1234401"
+ },
+ {
+ "name": "1039124",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039124"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8011.json b/2017/8xxx/CVE-2017-8011.json
index edfaa8ff58a..644522632f0 100644
--- a/2017/8xxx/CVE-2017-8011.json
+++ b/2017/8xxx/CVE-2017-8011.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security_alert@emc.com",
- "ID" : "CVE-2017-8011",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "undocumented accounts vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "ID": "CVE-2017-8011",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://seclists.org/fulldisclosure/2017/Jul/21",
- "refsource" : "CONFIRM",
- "url" : "http://seclists.org/fulldisclosure/2017/Jul/21"
- },
- {
- "name" : "99555",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99555"
- },
- {
- "name" : "1038905",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038905"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution Packs (EMC ViPR SRM prior to 4.1, EMC Storage M&R prior to 4.1, EMC VNX M&R all versions, EMC M&R (Watch4Net) for SAS Solution Packs all versions) contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "undocumented accounts vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1038905",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038905"
+ },
+ {
+ "name": "99555",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99555"
+ },
+ {
+ "name": "http://seclists.org/fulldisclosure/2017/Jul/21",
+ "refsource": "CONFIRM",
+ "url": "http://seclists.org/fulldisclosure/2017/Jul/21"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8350.json b/2017/8xxx/CVE-2017-8350.json
index c3400d5c1af..7e47d160e57 100644
--- a/2017/8xxx/CVE-2017-8350.json
+++ b/2017/8xxx/CVE-2017-8350.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-8350",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-8350",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/issues/447",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/447"
- },
- {
- "name" : "DSA-3863",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3863"
- },
- {
- "name" : "98373",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98373"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/447",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/447"
+ },
+ {
+ "name": "98373",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98373"
+ },
+ {
+ "name": "DSA-3863",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3863"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8652.json b/2017/8xxx/CVE-2017-8652.json
index d3e4fb580b3..5eee5a8ef11 100644
--- a/2017/8xxx/CVE-2017-8652.json
+++ b/2017/8xxx/CVE-2017-8652.json
@@ -1,78 +1,78 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@microsoft.com",
- "DATE_PUBLIC" : "2017-08-08T00:00:00",
- "ID" : "CVE-2017-8652",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Microsoft Edge",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information Disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "DATE_PUBLIC": "2017-08-08T00:00:00",
+ "ID": "CVE-2017-8652",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Microsoft Edge",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "42445",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42445/"
- },
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652"
- },
- {
- "name" : "100047",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100047"
- },
- {
- "name" : "1039101",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039101"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "100047",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100047"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8652"
+ },
+ {
+ "name": "42445",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42445/"
+ },
+ {
+ "name": "1039101",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039101"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10044.json b/2018/10xxx/CVE-2018-10044.json
index df41240ee51..6f4566d43ba 100644
--- a/2018/10xxx/CVE-2018-10044.json
+++ b/2018/10xxx/CVE-2018-10044.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10044",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10044",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10214.json b/2018/10xxx/CVE-2018-10214.json
index f90b887769e..20f50a5e9c8 100644
--- a/2018/10xxx/CVE-2018-10214.json
+++ b/2018/10xxx/CVE-2018-10214.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10214",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10214",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10817.json b/2018/10xxx/CVE-2018-10817.json
index 9ae960cc57f..9a6133ea6e9 100644
--- a/2018/10xxx/CVE-2018-10817.json
+++ b/2018/10xxx/CVE-2018-10817.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10817",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Severalnines ClusterControl before 1.6.0-4699 allows XSS."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10817",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.severalnines.com/hc/en-us/articles/212425943-ChangeLog",
- "refsource" : "MISC",
- "url" : "https://support.severalnines.com/hc/en-us/articles/212425943-ChangeLog"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Severalnines ClusterControl before 1.6.0-4699 allows XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.severalnines.com/hc/en-us/articles/212425943-ChangeLog",
+ "refsource": "MISC",
+ "url": "https://support.severalnines.com/hc/en-us/articles/212425943-ChangeLog"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10965.json b/2018/10xxx/CVE-2018-10965.json
index 973a5fba619..29cad7551a7 100644
--- a/2018/10xxx/CVE-2018-10965.json
+++ b/2018/10xxx/CVE-2018-10965.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10965",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10965",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10974.json b/2018/10xxx/CVE-2018-10974.json
index 26483f03f03..7a55a058bda 100644
--- a/2018/10xxx/CVE-2018-10974.json
+++ b/2018/10xxx/CVE-2018-10974.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10974",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10974",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222100",
- "refsource" : "MISC",
- "url" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222100"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222100."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222100",
+ "refsource": "MISC",
+ "url": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x00222100"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12636.json b/2018/12xxx/CVE-2018-12636.json
index fdea1a43a62..6338c6fce8c 100644
--- a/2018/12xxx/CVE-2018-12636.json
+++ b/2018/12xxx/CVE-2018-12636.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44943", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44943/" - }, - { - "name" : "https://wordpress.org/plugins/better-wp-security/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/better-wp-security/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44943", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44943/" + }, + { + "name": "https://wordpress.org/plugins/better-wp-security/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/better-wp-security/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13085.json b/2018/13xxx/CVE-2018-13085.json index 3617ae4aa27..95ba20e95f3 100644 --- a/2018/13xxx/CVE-2018-13085.json +++ b/2018/13xxx/CVE-2018-13085.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/FreeCoin/FreeCoin.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/FreeCoin/FreeCoin.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/FreeCoin/FreeCoin.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/FreeCoin/FreeCoin.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13345.json b/2018/13xxx/CVE-2018-13345.json index e7449c0d89c..da2d4b10f90 100644 --- a/2018/13xxx/CVE-2018-13345.json +++ b/2018/13xxx/CVE-2018-13345.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13345", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13345", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13443.json b/2018/13xxx/CVE-2018-13443.json index 8190158d5b0..889be281a91 100644 --- a/2018/13xxx/CVE-2018-13443.json +++ b/2018/13xxx/CVE-2018-13443.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13443", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13443", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13511.json b/2018/13xxx/CVE-2018-13511.json index 3cb62610372..10a2c97db9f 100644 --- a/2018/13xxx/CVE-2018-13511.json +++ b/2018/13xxx/CVE-2018-13511.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CorelliCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CorelliCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CorelliCoin, an Ethereum token, 
has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CorelliCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CorelliCoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17403.json b/2018/17xxx/CVE-2018-17403.json index 546ba525847..8d67b7488e0 100644 --- a/2018/17xxx/CVE-2018-17403.json +++ b/2018/17xxx/CVE-2018-17403.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20User%20Impersonation.pdf", - "refsource" : "MISC", - "url" : "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20User%20Impersonation.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20User%20Impersonation.pdf", + "refsource": "MISC", + "url": "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20User%20Impersonation.pdf" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/17xxx/CVE-2018-17538.json b/2018/17xxx/CVE-2018-17538.json index b2da690be7c..9fe81f1efee 100644 --- a/2018/17xxx/CVE-2018-17538.json +++ b/2018/17xxx/CVE-2018-17538.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Review_Report.pdf", - "refsource" : "MISC", - "url" : "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Review_Report.pdf" - }, - { - "name" : "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Sync_Report.pdf", - "refsource" : "MISC", - "url" : "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Sync_Report.pdf" - }, - { - "name" : "https://raw.githubusercontent.com/GitHubAssessments/CVE_Assessment_05_2018/master/Evidence_Sync_Report.pdf", - "refsource" : "MISC", - "url" : 
"https://raw.githubusercontent.com/GitHubAssessments/CVE_Assessment_05_2018/master/Evidence_Sync_Report.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Sync_Report.pdf", + "refsource": "MISC", + "url": "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Sync_Report.pdf" + }, + { + "name": "https://raw.githubusercontent.com/GitHubAssessments/CVE_Assessment_05_2018/master/Evidence_Sync_Report.pdf", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/GitHubAssessments/CVE_Assessment_05_2018/master/Evidence_Sync_Report.pdf" + }, + { + "name": "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Review_Report.pdf", + "refsource": "MISC", + "url": "https://github.com/GitHubAssessments/CVE_Assessment_05_2018/blob/master/Evidence_Review_Report.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17595.json b/2018/17xxx/CVE-2018-17595.json index f5262e31da5..5a4b6367031 100644 --- a/2018/17xxx/CVE-2018-17595.json +++ b/2018/17xxx/CVE-2018-17595.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/149596/CVE-2018-17595.txt", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/149596/CVE-2018-17595.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/149596/CVE-2018-17595.txt", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/149596/CVE-2018-17595.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17818.json b/2018/17xxx/CVE-2018-17818.json index d6d45533279..6c830dd1b72 100644 --- a/2018/17xxx/CVE-2018-17818.json +++ b/2018/17xxx/CVE-2018-17818.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17818", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17818", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file