diff --git a/2002/0xxx/CVE-2002-0673.json b/2002/0xxx/CVE-2002-0673.json
index c9c9bc20a98..48865d99573 100644
--- a/2002/0xxx/CVE-2002-0673.json
+++ b/2002/0xxx/CVE-2002-0673.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0673",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0673",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "A071202-1",
- "refsource" : "ATSTAKE",
- "url" : "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
- },
- {
- "name" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
- "refsource" : "CONFIRM",
- "url" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
- },
- {
- "name" : "pingtel-xpressa-phone-reregister(9568)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9568.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
+ "refsource": "CONFIRM",
+ "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
+ },
+ {
+ "name": "A071202-1",
+ "refsource": "ATSTAKE",
+ "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
+ },
+ {
+ "name": "pingtel-xpressa-phone-reregister(9568)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9568.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1490.json b/2002/1xxx/CVE-2002-1490.json
index 7654e0d61f3..f6e20975d4a 100644
--- a/2002/1xxx/CVE-2002-1490.json
+++ b/2002/1xxx/CVE-2002-1490.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1490",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1490",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "NetBSD-SA2002-007",
- "refsource" : "NETBSD",
- "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc"
- },
- {
- "name" : "netbsd-tiocsctty-ioctl-bo(10115)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10115.php"
- },
- {
- "name" : "5722",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5722"
- },
- {
- "name" : "7566",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/7566"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "NetBSD-SA2002-007",
+ "refsource": "NETBSD",
+ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc"
+ },
+ {
+ "name": "7566",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/7566"
+ },
+ {
+ "name": "5722",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5722"
+ },
+ {
+ "name": "netbsd-tiocsctty-ioctl-bo(10115)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10115.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0022.json b/2003/0xxx/CVE-2003-0022.json
index ed7b269d028..51694b44d39 100644
--- a/2003/0xxx/CVE-2003-0022.json
+++ b/2003/0xxx/CVE-2003-0022.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0022",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0022",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030224 Terminal Emulator Security Issues",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
- },
- {
- "name" : "20030224 Terminal Emulator Security Issues",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2"
- },
- {
- "name" : "MDKSA-2003:034",
- "refsource" : "MANDRAKE",
- "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
- },
- {
- "name" : "RHSA-2003:054",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html"
- },
- {
- "name" : "RHSA-2003:055",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html"
- },
- {
- "name" : "6938",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6938"
- },
- {
- "name" : "terminal-emulator-screen-dump(11413)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/11413.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030224 Terminal Emulator Security Issues",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"
+ },
+ {
+ "name": "RHSA-2003:054",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
+ },
+ {
+ "name": "6938",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6938"
+ },
+ {
+ "name": "RHSA-2003:055",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
+ },
+ {
+ "name": "terminal-emulator-screen-dump(11413)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/11413.php"
+ },
+ {
+ "name": "MDKSA-2003:034",
+ "refsource": "MANDRAKE",
+ "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
+ },
+ {
+ "name": "20030224 Terminal Emulator Security Issues",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0164.json b/2003/0xxx/CVE-2003-0164.json
index 17e33cc9729..20551f64caf 100644
--- a/2003/0xxx/CVE-2003-0164.json
+++ b/2003/0xxx/CVE-2003-0164.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0164",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0164",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0268.json b/2003/0xxx/CVE-2003-0268.json
index bfc6a94fbef..845f566e415 100644
--- a/2003/0xxx/CVE-2003-0268.json
+++ b/2003/0xxx/CVE-2003-0268.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0268",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0268",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030507 Multiple Vulnerabilities in SLWebmail",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105232436210273&w=2"
- },
- {
- "name" : "20030507 Multiple Vulnerabilities in SLWebmail",
- "refsource" : "NTBUGTRAQ",
- "url" : "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2"
- },
- {
- "name" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
- "refsource" : "MISC",
- "url" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030507 Multiple Vulnerabilities in SLWebmail",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105232436210273&w=2"
+ },
+ {
+ "name": "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
+ "refsource": "MISC",
+ "url": "http://www.nextgenss.com/advisories/slwebmail-vulns.txt"
+ },
+ {
+ "name": "20030507 Multiple Vulnerabilities in SLWebmail",
+ "refsource": "NTBUGTRAQ",
+ "url": "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0342.json b/2003/0xxx/CVE-2003-0342.json
index 6f1d519f318..364791a6d1a 100644
--- a/2003/0xxx/CVE-2003-0342.json
+++ b/2003/0xxx/CVE-2003-0342.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0342",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0342",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105353283720837&w=2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105353283720837&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1027.json b/2003/1xxx/CVE-2003-1027.json
index 1455362e94d..e47645aa33c 100644
--- a/2003/1xxx/CVE-2003-1027.json
+++ b/2003/1xxx/CVE-2003-1027.json
@@ -1,132 +1,132 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1027",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1027",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20031125 HijackClickV2 - a successor of HijackClick attack",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=106979479719446&w=2"
- },
- {
- "name" : "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2",
- "refsource" : "MISC",
- "url" : "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2"
- },
- {
- "name" : "20031201 Comments on 5 IE vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=107038202225587&w=2"
- },
- {
- "name" : "MS04-004",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
- },
- {
- "name" : "TA04-033A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
- },
- {
- "name" : "VU#413886",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/413886"
- },
- {
- "name" : "1006036",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1006036"
- },
- {
- "name" : "ie-method-perform-actions(13844)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844"
- },
- {
- "name" : "oval:org.mitre.oval:def:527",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527"
- },
- {
- "name" : "oval:org.mitre.oval:def:529",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529"
- },
- {
- "name" : "oval:org.mitre.oval:def:530",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530"
- },
- {
- "name" : "oval:org.mitre.oval:def:531",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531"
- },
- {
- "name" : "oval:org.mitre.oval:def:532",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532"
- },
- {
- "name" : "oval:org.mitre.oval:def:534",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534"
- },
- {
- "name" : "oval:org.mitre.oval:def:629",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:527",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527"
+ },
+ {
+ "name": "VU#413886",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/413886"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:629",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:531",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531"
+ },
+ {
+ "name": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2",
+ "refsource": "MISC",
+ "url": "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:530",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530"
+ },
+ {
+ "name": "20031201 Comments on 5 IE vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=107038202225587&w=2"
+ },
+ {
+ "name": "TA04-033A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA04-033A.html"
+ },
+ {
+ "name": "MS04-004",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:532",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:534",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534"
+ },
+ {
+ "name": "20031125 HijackClickV2 - a successor of HijackClick attack",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=106979479719446&w=2"
+ },
+ {
+ "name": "ie-method-perform-actions(13844)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:529",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529"
+ },
+ {
+ "name": "1006036",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1006036"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1083.json b/2003/1xxx/CVE-2003-1083.json
index fbaba7c182d..94a8beff2d1 100644
--- a/2003/1xxx/CVE-2003-1083.json
+++ b/2003/1xxx/CVE-2003-1083.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1083",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1083",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/345417"
- },
- {
- "name" : "http://www.tildeslash.com/monit/dist/CHANGES.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.tildeslash.com/monit/dist/CHANGES.txt"
- },
- {
- "name" : "GLSA-200403-14",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200403-14.xml"
- },
- {
- "name" : "VU#623854",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/623854"
- },
- {
- "name" : "9099",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/9099"
- },
- {
- "name" : "10280",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/10280"
- },
- {
- "name" : "monit-http-bo(13817)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13817"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.tildeslash.com/monit/dist/CHANGES.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.tildeslash.com/monit/dist/CHANGES.txt"
+ },
+ {
+ "name": "VU#623854",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/623854"
+ },
+ {
+ "name": "monit-http-bo(13817)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13817"
+ },
+ {
+ "name": "GLSA-200403-14",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200403-14.xml"
+ },
+ {
+ "name": "9099",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/9099"
+ },
+ {
+ "name": "10280",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/10280"
+ },
+ {
+ "name": "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/345417"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1151.json b/2003/1xxx/CVE-2003-1151.json
index 4ab2b2b82d0..747fb08179d 100644
--- a/2003/1xxx/CVE-2003-1151.json
+++ b/2003/1xxx/CVE-2003-1151.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1151",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a \"404 Not Found\" error page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1151",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20031028 Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/342678"
- },
- {
- "name" : "8908",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/8908"
- },
- {
- "name" : "2732",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/2732"
- },
- {
- "name" : "1008020",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1008020"
- },
- {
- "name" : "10099",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/10099"
- },
- {
- "name" : "fastream-nonexistent-url-xss(13535)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13535"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a \"404 Not Found\" error page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "2732",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/2732"
+ },
+ {
+ "name": "8908",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/8908"
+ },
+ {
+ "name": "1008020",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1008020"
+ },
+ {
+ "name": "20031028 Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/342678"
+ },
+ {
+ "name": "fastream-nonexistent-url-xss(13535)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13535"
+ },
+ {
+ "name": "10099",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/10099"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0235.json b/2012/0xxx/CVE-2012-0235.json
index 1cca2cf2743..c6244879201 100644
--- a/2012/0xxx/CVE-2012-0235.json
+++ b/2012/0xxx/CVE-2012-0235.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0235",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2012-0235",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
- },
- {
- "name" : "52051",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52051"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
+ },
+ {
+ "name": "52051",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52051"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0338.json b/2012/0xxx/CVE-2012-0338.json
index 4e8ed7c1b9f..819ac1b9392 100644
--- a/2012/0xxx/CVE-2012-0338.json
+++ b/2012/0xxx/CVE-2012-0338.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0338",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2012-0338",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXH_rebuilds.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXH_rebuilds.html"
- },
- {
- "name" : "https://supportforums.cisco.com/thread/2030226",
- "refsource" : "CONFIRM",
- "url" : "https://supportforums.cisco.com/thread/2030226"
- },
- {
- "name" : "1027005",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1027005"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://supportforums.cisco.com/thread/2030226",
+ "refsource": "CONFIRM",
+ "url": "https://supportforums.cisco.com/thread/2030226"
+ },
+ {
+ "name": "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXH_rebuilds.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXH_rebuilds.html"
+ },
+ {
+ "name": "1027005",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1027005"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0497.json b/2012/0xxx/CVE-2012-0497.json
index 399524a47e7..f988a3fc41a 100644
--- a/2012/0xxx/CVE-2012-0497.json
+++ b/2012/0xxx/CVE-2012-0497.json
@@ -1,157 +1,157 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0497",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2012-0497",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
- },
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
- },
- {
- "name" : "DSA-2420",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2012/dsa-2420"
- },
- {
- "name" : "GLSA-201406-32",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
- },
- {
- "name" : "HPSBMU02797",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
- },
- {
- "name" : "HPSBUX02757",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
- },
- {
- "name" : "HPSBUX02784",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
- },
- {
- "name" : "SSRT100779",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
- },
- {
- "name" : "SSRT100867",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
- },
- {
- "name" : "SSRT100871",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
- },
- {
- "name" : "HPSBMU02799",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
- },
- {
- "name" : "MDVSA-2013:150",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
- },
- {
- "name" : "RHSA-2013:1455",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
- },
- {
- "name" : "RHSA-2012:0514",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2012-0514.html"
- },
- {
- "name" : "SUSE-SU-2012:0603",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
- },
- {
- "name" : "52009",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52009"
- },
- {
- "name" : "oval:org.mitre.oval:def:14772",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14772"
- },
- {
- "name" : "48589",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48589"
- },
- {
- "name" : "48950",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48950"
- },
- {
- "name" : "48074",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48074"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "48074",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48074"
+ },
+ {
+ "name": "HPSBUX02784",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
+ },
+ {
+ "name": "GLSA-201406-32",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
+ },
+ {
+ "name": "HPSBMU02799",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
+ },
+ {
+ "name": "48589",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48589"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:14772",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14772"
+ },
+ {
+ "name": "RHSA-2013:1455",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
+ },
+ {
+ "name": "SUSE-SU-2012:0603",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
+ },
+ {
+ "name": "48950",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48950"
+ },
+ {
+ "name": "SSRT100871",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
+ },
+ {
+ "name": "HPSBUX02757",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
+ },
+ {
+ "name": "52009",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52009"
+ },
+ {
+ "name": "DSA-2420",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2012/dsa-2420"
+ },
+ {
+ "name": "SSRT100867",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
+ },
+ {
+ "name": "RHSA-2012:0514",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2012-0514.html"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
+ },
+ {
+ "name": "MDVSA-2013:150",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
+ },
+ {
+ "name": "SSRT100779",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
+ },
+ {
+ "name": "HPSBMU02797",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0631.json b/2012/0xxx/CVE-2012-0631.json
index 63781b0b2af..76ced2bbcd3 100644
--- a/2012/0xxx/CVE-2012-0631.json
+++ b/2012/0xxx/CVE-2012-0631.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0631",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2012-0631",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "APPLE-SA-2012-03-07-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
- },
- {
- "name" : "APPLE-SA-2012-03-07-2",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
- },
- {
- "name" : "APPLE-SA-2012-03-12-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
- },
- {
- "name" : "52365",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52365"
- },
- {
- "name" : "oval:org.mitre.oval:def:16826",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16826"
- },
- {
- "name" : "1026774",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026774"
- },
- {
- "name" : "48274",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48274"
- },
- {
- "name" : "48288",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48288"
- },
- {
- "name" : "48377",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48377"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "52365",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52365"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:16826",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16826"
+ },
+ {
+ "name": "1026774",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026774"
+ },
+ {
+ "name": "48377",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48377"
+ },
+ {
+ "name": "APPLE-SA-2012-03-12-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
+ },
+ {
+ "name": "48274",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48274"
+ },
+ {
+ "name": "APPLE-SA-2012-03-07-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
+ },
+ {
+ "name": "48288",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48288"
+ },
+ {
+ "name": "APPLE-SA-2012-03-07-2",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0674.json b/2012/0xxx/CVE-2012-0674.json
index 2c99142b507..13918e2c01d 100644
--- a/2012/0xxx/CVE-2012-0674.json
+++ b/2012/0xxx/CVE-2012-0674.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0674",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2012-0674",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "APPLE-SA-2012-05-07-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00000.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "APPLE-SA-2012-05-07-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00000.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1111.json b/2012/1xxx/CVE-2012-1111.json
index 0bb271c6183..e0daeebb578 100644
--- a/2012/1xxx/CVE-2012-1111.json
+++ b/2012/1xxx/CVE-2012-1111.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1111",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-1111",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20120305 CVE Request: lightdm",
- "refsource" : "MLIST",
- "url" : "http://seclists.org/oss-sec/2012/q1/557"
- },
- {
- "name" : "[oss-security] 20120305 Re: CVE Request: lightdm",
- "refsource" : "MLIST",
- "url" : "http://seclists.org/oss-sec/2012/q1/566"
- },
- {
- "name" : "https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/927060",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/927060"
- },
- {
- "name" : "https://bugzilla.novell.com/show_bug.cgi?id=745339",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.novell.com/show_bug.cgi?id=745339"
- },
- {
- "name" : "openSUSE-SU-2012:0354",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00019.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/927060",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/927060"
+ },
+ {
+ "name": "openSUSE-SU-2012:0354",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00019.html"
+ },
+ {
+ "name": "https://bugzilla.novell.com/show_bug.cgi?id=745339",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.novell.com/show_bug.cgi?id=745339"
+ },
+ {
+ "name": "[oss-security] 20120305 Re: CVE Request: lightdm",
+ "refsource": "MLIST",
+ "url": "http://seclists.org/oss-sec/2012/q1/566"
+ },
+ {
+ "name": "[oss-security] 20120305 CVE Request: lightdm",
+ "refsource": "MLIST",
+ "url": "http://seclists.org/oss-sec/2012/q1/557"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1266.json b/2012/1xxx/CVE-2012-1266.json
index 8de42f58890..a9c1b038437 100644
--- a/2012/1xxx/CVE-2012-1266.json
+++ b/2012/1xxx/CVE-2012-1266.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1266",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1266",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1302.json b/2012/1xxx/CVE-2012-1302.json
index 401c642c3a6..299e2d28b89 100644
--- a/2012/1xxx/CVE-2012-1302.json
+++ b/2012/1xxx/CVE-2012-1302.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1302",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1302",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://web.appsec.ws/FlashExploitDatabase.php",
- "refsource" : "MISC",
- "url" : "http://web.appsec.ws/FlashExploitDatabase.php"
- },
- {
- "name" : "https://success.trendmicro.com/solution/1117094",
- "refsource" : "CONFIRM",
- "url" : "https://success.trendmicro.com/solution/1117094"
- },
- {
- "name" : "1038375",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038375"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://success.trendmicro.com/solution/1117094",
+ "refsource": "CONFIRM",
+ "url": "https://success.trendmicro.com/solution/1117094"
+ },
+ {
+ "name": "1038375",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038375"
+ },
+ {
+ "name": "http://web.appsec.ws/FlashExploitDatabase.php",
+ "refsource": "MISC",
+ "url": "http://web.appsec.ws/FlashExploitDatabase.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1523.json b/2012/1xxx/CVE-2012-1523.json
index 63c75b3b6bd..6a357ac0fe4 100644
--- a/2012/1xxx/CVE-2012-1523.json
+++ b/2012/1xxx/CVE-2012-1523.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1523",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"Center Element Remote Code Execution Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1523",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS12-037",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
- },
- {
- "name" : "TA12-164A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:15579",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15579"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"Center Element Remote Code Execution Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "TA12-164A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
+ },
+ {
+ "name": "MS12-037",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:15579",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15579"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1937.json b/2012/1xxx/CVE-2012-1937.json
index 3a200393aec..d66f6aaab31 100644
--- a/2012/1xxx/CVE-2012-1937.json
+++ b/2012/1xxx/CVE-2012-1937.json
@@ -1,132 +1,132 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1937",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1937",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=643967",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=643967"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=723465",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=723465"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745254",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745254"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745494",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745494"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745580",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745580"
- },
- {
- "name" : "DSA-2499",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2012/dsa-2499"
- },
- {
- "name" : "DSA-2488",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2012/dsa-2488"
- },
- {
- "name" : "DSA-2489",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2012/dsa-2489"
- },
- {
- "name" : "MDVSA-2012:088",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
- },
- {
- "name" : "RHSA-2012:0710",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2012-0710.html"
- },
- {
- "name" : "RHSA-2012:0715",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2012-0715.html"
- },
- {
- "name" : "SUSE-SU-2012:0746",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
- },
- {
- "name" : "openSUSE-SU-2012:0760",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:17055",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17055"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=643967",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=643967"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=723465",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=723465"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=745494",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745494"
+ },
+ {
+ "name": "MDVSA-2012:088",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
+ },
+ {
+ "name": "DSA-2488",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2012/dsa-2488"
+ },
+ {
+ "name": "DSA-2499",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2012/dsa-2499"
+ },
+ {
+ "name": "RHSA-2012:0710",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2012-0710.html"
+ },
+ {
+ "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-34.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:17055",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17055"
+ },
+ {
+ "name": "SUSE-SU-2012:0746",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
+ },
+ {
+ "name": "openSUSE-SU-2012:0760",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
+ },
+ {
+ "name": "DSA-2489",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2012/dsa-2489"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=745254",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745254"
+ },
+ {
+ "name": "RHSA-2012:0715",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2012-0715.html"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=745580",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745580"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4146.json b/2012/4xxx/CVE-2012-4146.json
index 3ea72e45bb6..5ed6149b538 100644
--- a/2012/4xxx/CVE-2012-4146.json
+++ b/2012/4xxx/CVE-2012-4146.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4146",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo \"Shop now\" page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4146",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.opera.com/docs/changelogs/mac/1201/",
- "refsource" : "CONFIRM",
- "url" : "http://www.opera.com/docs/changelogs/mac/1201/"
- },
- {
- "name" : "http://www.opera.com/docs/changelogs/unix/1201/",
- "refsource" : "CONFIRM",
- "url" : "http://www.opera.com/docs/changelogs/unix/1201/"
- },
- {
- "name" : "http://www.opera.com/docs/changelogs/windows/1201/",
- "refsource" : "CONFIRM",
- "url" : "http://www.opera.com/docs/changelogs/windows/1201/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo \"Shop now\" page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.opera.com/docs/changelogs/windows/1201/",
+ "refsource": "CONFIRM",
+ "url": "http://www.opera.com/docs/changelogs/windows/1201/"
+ },
+ {
+ "name": "http://www.opera.com/docs/changelogs/mac/1201/",
+ "refsource": "CONFIRM",
+ "url": "http://www.opera.com/docs/changelogs/mac/1201/"
+ },
+ {
+ "name": "http://www.opera.com/docs/changelogs/unix/1201/",
+ "refsource": "CONFIRM",
+ "url": "http://www.opera.com/docs/changelogs/unix/1201/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4616.json b/2012/4xxx/CVE-2012-4616.json
index 647d1d8b60a..63d0eed8921 100644
--- a/2012/4xxx/CVE-2012-4616.json
+++ b/2012/4xxx/CVE-2012-4616.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4616",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "ID": "CVE-2012-4616",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20121220 ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability.",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0125.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20121220 ESA-2012-060: EMC Data Protection Advisor Information Disclosure Vulnerability.",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0125.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4630.json b/2012/4xxx/CVE-2012-4630.json
index f7514d53e17..ac0a0aaf3fb 100644
--- a/2012/4xxx/CVE-2012-4630.json
+++ b/2012/4xxx/CVE-2012-4630.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4630",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4630",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5257.json b/2012/5xxx/CVE-2012-5257.json
index aefd0711eb0..2bad5e1eb9d 100644
--- a/2012/5xxx/CVE-2012-5257.json
+++ b/2012/5xxx/CVE-2012-5257.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5257",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2012-5257",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
- },
- {
- "name" : "openSUSE-SU-2013:0370",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html"
- },
- {
- "name" : "86034",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/86034"
- },
- {
- "name" : "adobe-cve20125257-bo(79078)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79078"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "openSUSE-SU-2013:0370",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html"
+ },
+ {
+ "name": "86034",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/86034"
+ },
+ {
+ "name": "adobe-cve20125257-bo(79078)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79078"
+ },
+ {
+ "name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5894.json b/2012/5xxx/CVE-2012-5894.json
index 07fdb5dd5cd..97091bbcc06 100644
--- a/2012/5xxx/CVE-2012-5894.json
+++ b/2012/5xxx/CVE-2012-5894.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5894",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5894",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html"
- },
- {
- "name" : "80769",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80769"
- },
- {
- "name" : "48646",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48646"
- },
- {
- "name" : "havalite-havapost-sql-injection(74487)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74487"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html"
+ },
+ {
+ "name": "80769",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80769"
+ },
+ {
+ "name": "havalite-havapost-sql-injection(74487)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74487"
+ },
+ {
+ "name": "48646",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48646"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2044.json b/2017/2xxx/CVE-2017-2044.json
index 4865bd92023..f7b93c8f0c8 100644
--- a/2017/2xxx/CVE-2017-2044.json
+++ b/2017/2xxx/CVE-2017-2044.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-2044",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-2044",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2234.json b/2017/2xxx/CVE-2017-2234.json
index 87b6442c5ec..2b2b1340174 100644
--- a/2017/2xxx/CVE-2017-2234.json
+++ b/2017/2xxx/CVE-2017-2234.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-2234",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Toshiba Home gateway HEM-GW16A",
- "version" : {
- "version_data" : [
- {
- "version_value" : "firmware HEM-GW16A-FW-V1.2.0 and earlier"
- }
- ]
- }
- },
- {
- "product_name" : "Toshiba Home gateway HEM-GW26A",
- "version" : {
- "version_data" : [
- {
- "version_value" : "firmware HEM-GW26A-FW-V1.2.0 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Toshiba Lighting & Technology Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Hidden Functionality"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-2234",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Toshiba Home gateway HEM-GW16A",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware HEM-GW16A-FW-V1.2.0 and earlier"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Toshiba Home gateway HEM-GW26A",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "firmware HEM-GW26A-FW-V1.2.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Toshiba Lighting & Technology Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "JVN#85901441",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN85901441/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device with administrative privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Hidden Functionality"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVN#85901441",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN85901441/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2794.json b/2017/2xxx/CVE-2017-2794.json
index 6008c6b6099..5eb26302fab 100644
--- a/2017/2xxx/CVE-2017-2794.json
+++ b/2017/2xxx/CVE-2017-2794.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "talos-cna@cisco.com",
- "ID" : "CVE-2017-2794",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "DMC HTMLFilter",
- "version" : {
- "version_data" : [
- {
- "version_value" : "as shipped with MarkLogic 8.0-6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Antenna House"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "remote code execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "talos-cna@cisco.com",
+ "ID": "CVE-2017-2794",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DMC HTMLFilter",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "as shipped with MarkLogic 8.0-6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Antenna House"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0286",
- "refsource" : "MISC",
- "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0286"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0286",
+ "refsource": "MISC",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0286"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2931.json b/2017/2xxx/CVE-2017-2931.json
index 655598fdba6..ad11b15df93 100644
--- a/2017/2xxx/CVE-2017-2931.json
+++ b/2017/2xxx/CVE-2017-2931.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2017-2931",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Flash Player 24.0.0.186 and earlier.",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Flash Player 24.0.0.186 and earlier."
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Memory Corruption"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2017-2931",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Flash Player 24.0.0.186 and earlier.",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Flash Player 24.0.0.186 and earlier."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "41608",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/41608/"
- },
- {
- "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
- },
- {
- "name" : "GLSA-201702-20",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201702-20"
- },
- {
- "name" : "RHSA-2017:0057",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
- },
- {
- "name" : "95350",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95350"
- },
- {
- "name" : "1037570",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037570"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "GLSA-201702-20",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201702-20"
+ },
+ {
+ "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
+ },
+ {
+ "name": "RHSA-2017:0057",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
+ },
+ {
+ "name": "1037570",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037570"
+ },
+ {
+ "name": "95350",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95350"
+ },
+ {
+ "name": "41608",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/41608/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3353.json b/2017/3xxx/CVE-2017-3353.json
index f6eba58280e..1240dcdbf45 100644
--- a/2017/3xxx/CVE-2017-3353.json
+++ b/2017/3xxx/CVE-2017-3353.json
@@ -1,85 +1,85 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-3353",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Marketing",
- "version" : {
- "version_data" : [
- {
- "version_value" : "12.1.1"
- },
- {
- "version_value" : "12.1.2"
- },
- {
- "version_value" : "12.1.3"
- },
- {
- "version_value" : "12.2.3"
- },
- {
- "version_value" : "12.2.4"
- },
- {
- "version_value" : "12.2.5"
- },
- {
- "version_value" : "12.2.6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-3353",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Marketing",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.1.1"
+ },
+ {
+ "version_value": "12.1.2"
+ },
+ {
+ "version_value": "12.1.3"
+ },
+ {
+ "version_value": "12.2.3"
+ },
+ {
+ "version_value": "12.2.4"
+ },
+ {
+ "version_value": "12.2.5"
+ },
+ {
+ "version_value": "12.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
- },
- {
- "name" : "95500",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95500"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "95500",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95500"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3394.json b/2017/3xxx/CVE-2017-3394.json
index 4115167c73d..e189fae1805 100644
--- a/2017/3xxx/CVE-2017-3394.json
+++ b/2017/3xxx/CVE-2017-3394.json
@@ -1,85 +1,85 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-3394",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Advanced Outbound Telephony",
- "version" : {
- "version_data" : [
- {
- "version_value" : "12.1.1"
- },
- {
- "version_value" : "12.1.2"
- },
- {
- "version_value" : "12.1.3"
- },
- {
- "version_value" : "12.2.3"
- },
- {
- "version_value" : "12.2.4"
- },
- {
- "version_value" : "12.2.5"
- },
- {
- "version_value" : "12.2.6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-3394",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Advanced Outbound Telephony",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.1.1"
+ },
+ {
+ "version_value": "12.1.2"
+ },
+ {
+ "version_value": "12.1.3"
+ },
+ {
+ "version_value": "12.2.3"
+ },
+ {
+ "version_value": "12.2.4"
+ },
+ {
+ "version_value": "12.2.5"
+ },
+ {
+ "version_value": "12.2.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
- },
- {
- "name" : "95531",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95531"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "95531",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95531"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3432.json b/2017/3xxx/CVE-2017-3432.json
index 26fc0c60ab8..b0158c55d12 100644
--- a/2017/3xxx/CVE-2017-3432.json
+++ b/2017/3xxx/CVE-2017-3432.json
@@ -1,81 +1,81 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-3432",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "One-to-One Fulfillment",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "12.1.1"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.1.2"
- },
- {
- "version_affected" : "=",
- "version_value" : "12.1.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-3432",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "One-to-One Fulfillment",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "12.1.1"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.1.2"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "12.1.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
- },
- {
- "name" : "97770",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97770"
- },
- {
- "name" : "1038299",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038299"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "97770",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97770"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
+ },
+ {
+ "name": "1038299",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038299"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3578.json b/2017/3xxx/CVE-2017-3578.json
index aeda9562135..2a3a14ec7a9 100644
--- a/2017/3xxx/CVE-2017-3578.json
+++ b/2017/3xxx/CVE-2017-3578.json
@@ -1,73 +1,73 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-3578",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Sun ZFS Storage Appliance Kit (AK) Software",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "=",
- "version_value" : "AK 2013"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-3578",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "AK 2013"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
- },
- {
- "name" : "97810",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97810"
- },
- {
- "name" : "1038292",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038292"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
+ },
+ {
+ "name": "1038292",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038292"
+ },
+ {
+ "name": "97810",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97810"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6069.json b/2017/6xxx/CVE-2017-6069.json
index 5d57e219a2f..25aa48983d4 100644
--- a/2017/6xxx/CVE-2017-6069.json
+++ b/2017/6xxx/CVE-2017-6069.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6069",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6069",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.yiwang6.cn/Subrion-CSRF2.docx",
- "refsource" : "MISC",
- "url" : "https://www.yiwang6.cn/Subrion-CSRF2.docx"
- },
- {
- "name" : "97196",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97196"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.yiwang6.cn/Subrion-CSRF2.docx",
+ "refsource": "MISC",
+ "url": "https://www.yiwang6.cn/Subrion-CSRF2.docx"
+ },
+ {
+ "name": "97196",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97196"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6125.json b/2017/6xxx/CVE-2017-6125.json
index 831fef9d3c2..66300a1fbd9 100644
--- a/2017/6xxx/CVE-2017-6125.json
+++ b/2017/6xxx/CVE-2017-6125.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6125",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6125",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6134.json b/2017/6xxx/CVE-2017-6134.json
index ba1b29edcaf..0642dcfa860 100644
--- a/2017/6xxx/CVE-2017-6134.json
+++ b/2017/6xxx/CVE-2017-6134.json
@@ -1,84 +1,84 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "f5sirt@f5.com",
- "DATE_PUBLIC" : "2017-12-20T00:00:00",
- "ID" : "CVE-2017-6134",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
- "version" : {
- "version_data" : [
- {
- "version_value" : "13.0.0"
- },
- {
- "version_value" : "12.1.0 - 12.1.2"
- },
- {
- "version_value" : "11.5.1 - 11.6.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "F5 Networks, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial of Service"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "f5sirt@f5.com",
+ "DATE_PUBLIC": "2017-12-20T00:00:00",
+ "ID": "CVE-2017-6134",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "13.0.0"
+ },
+ {
+ "version_value": "12.1.0 - 12.1.2"
+ },
+ {
+ "version_value": "11.5.1 - 11.6.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "F5 Networks, Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.f5.com/csp/article/K37404773",
- "refsource" : "CONFIRM",
- "url" : "https://support.f5.com/csp/article/K37404773"
- },
- {
- "name" : "102466",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102466"
- },
- {
- "name" : "1040044",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040044"
- },
- {
- "name" : "1040045",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040045"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1040045",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040045"
+ },
+ {
+ "name": "102466",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102466"
+ },
+ {
+ "name": "1040044",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040044"
+ },
+ {
+ "name": "https://support.f5.com/csp/article/K37404773",
+ "refsource": "CONFIRM",
+ "url": "https://support.f5.com/csp/article/K37404773"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6709.json b/2017/6xxx/CVE-2017-6709.json
index d0b15a98296..7ff7989a584 100644
--- a/2017/6xxx/CVE-2017-6709.json
+++ b/2017/6xxx/CVE-2017-6709.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6709",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Ultra Services Framework",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Ultra Services Framework"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-200"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6709",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Ultra Services Framework",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Ultra Services Framework"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability exists because the affected software logs administrative credentials in clear text for Cisco ESC and Cisco OpenStack deployment purposes. An attacker could exploit this vulnerability by accessing the AutoVNF URL for the location where the log files are stored and subsequently accessing the administrative credentials that are stored in clear text in those log files. This vulnerability affects all releases of the Cisco Ultra Services Framework prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76659."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6798.json b/2017/6xxx/CVE-2017-6798.json
index 477dffaee70..f6e9c7d8410 100644
--- a/2017/6xxx/CVE-2017-6798.json
+++ b/2017/6xxx/CVE-2017-6798.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6798",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6798",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://success.trendmicro.com/solution/1116827",
- "refsource" : "CONFIRM",
- "url" : "https://success.trendmicro.com/solution/1116827"
- },
- {
- "name" : "96857",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96857"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96857",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96857"
+ },
+ {
+ "name": "https://success.trendmicro.com/solution/1116827",
+ "refsource": "CONFIRM",
+ "url": "https://success.trendmicro.com/solution/1116827"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6875.json b/2017/6xxx/CVE-2017-6875.json
index 025d6f082e2..c5745a2e429 100644
--- a/2017/6xxx/CVE-2017-6875.json
+++ b/2017/6xxx/CVE-2017-6875.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6875",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6875",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7058.json b/2017/7xxx/CVE-2017-7058.json
index 1d264ba49f2..93f747d6265 100644
--- a/2017/7xxx/CVE-2017-7058.json
+++ b/2017/7xxx/CVE-2017-7058.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2017-7058",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the \"Notifications\" component. It allows physically proximate attackers to read unintended notifications on the lock screen."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2017-7058",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.apple.com/HT207923",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207923"
- },
- {
- "name" : "99891",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99891"
- },
- {
- "name" : "1038950",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038950"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the \"Notifications\" component. It allows physically proximate attackers to read unintended notifications on the lock screen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.apple.com/HT207923",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207923"
+ },
+ {
+ "name": "99891",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99891"
+ },
+ {
+ "name": "1038950",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038950"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7575.json b/2017/7xxx/CVE-2017-7575.json
index 1652b28c5db..7f8c107a14e 100644
--- a/2017/7xxx/CVE-2017-7575.json
+++ b/2017/7xxx/CVE-2017-7575.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7575",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \\x00\\x01\\x00\\x00\\x00\\x05\\x01\\x5a\\x00\\x03\\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7575",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://os-s.net/advisories/OSS-2017-01.pdf",
- "refsource" : "MISC",
- "url" : "https://os-s.net/advisories/OSS-2017-01.pdf"
- },
- {
- "name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02",
- "refsource" : "CONFIRM",
- "url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02"
- },
- {
- "name" : "97523",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97523"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \\x00\\x01\\x00\\x00\\x00\\x05\\x01\\x5a\\x00\\x03\\x00 request to the Modbus port (502/tcp). Subsequently the application may be arbitrarily downloaded, modified, and uploaded."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02",
+ "refsource": "CONFIRM",
+ "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-097-02"
+ },
+ {
+ "name": "https://os-s.net/advisories/OSS-2017-01.pdf",
+ "refsource": "MISC",
+ "url": "https://os-s.net/advisories/OSS-2017-01.pdf"
+ },
+ {
+ "name": "97523",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97523"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7716.json b/2017/7xxx/CVE-2017-7716.json
index 5a3735b365b..fae035f9ec2 100644
--- a/2017/7xxx/CVE-2017-7716.json
+++ b/2017/7xxx/CVE-2017-7716.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7716",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7716",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/radare/radare2/issues/7260",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/radare/radare2/issues/7260"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/radare/radare2/issues/7260",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/radare/radare2/issues/7260"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7841.json b/2017/7xxx/CVE-2017-7841.json
index b027962b747..ebbe264adc6 100644
--- a/2017/7xxx/CVE-2017-7841.json
+++ b/2017/7xxx/CVE-2017-7841.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7841",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7841",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10410.json b/2018/10xxx/CVE-2018-10410.json
index dc87b9e67f6..df1f62b3e7e 100644
--- a/2018/10xxx/CVE-2018-10410.json
+++ b/2018/10xxx/CVE-2018-10410.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10410",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10410",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10620.json b/2018/10xxx/CVE-2018-10620.json
index c628bdf9082..e9709e7c81f 100644
--- a/2018/10xxx/CVE-2018-10620.json
+++ b/2018/10xxx/CVE-2018-10620.json
@@ -1,88 +1,88 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "DATE_PUBLIC" : "2018-07-19T00:00:00",
- "ID" : "CVE-2018-10620",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "InduSoft Web Studio",
- "version" : {
- "version_data" : [
- {
- "version_value" : "v8.1 and v8.1SP1"
- }
- ]
- }
- },
- {
- "product_name" : "InTouch Machine Edition",
- "version" : {
- "version_data" : [
- {
- "version_value" : "v2017 8.1 and v2017 8.1 SP1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "AVEVA Software, LLC"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "STACK-BASED BUFFER OVERFLOW CWE-121"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2018-07-19T00:00:00",
+ "ID": "CVE-2018-10620",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "InduSoft Web Studio",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v8.1 and v8.1SP1"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "InTouch Machine Edition",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v2017 8.1 and v2017 8.1 SP1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "AVEVA Software, LLC"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01"
- },
- {
- "name" : "https://www.tenable.com/security/research/tra-2018-19",
- "refsource" : "MISC",
- "url" : "https://www.tenable.com/security/research/tra-2018-19"
- },
- {
- "name" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf",
- "refsource" : "CONFIRM",
- "url" : "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf"
- },
- {
- "name" : "104870",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104870"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf",
+ "refsource": "CONFIRM",
+ "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec128(002).pdf"
+ },
+ {
+ "name": "https://www.tenable.com/security/research/tra-2018-19",
+ "refsource": "MISC",
+ "url": "https://www.tenable.com/security/research/tra-2018-19"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-200-01"
+ },
+ {
+ "name": "104870",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104870"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10787.json b/2018/10xxx/CVE-2018-10787.json
index f6add12a9d9..b2adca5fc90 100644
--- a/2018/10xxx/CVE-2018-10787.json
+++ b/2018/10xxx/CVE-2018-10787.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10787",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10787",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10795.json b/2018/10xxx/CVE-2018-10795.json
index 3798bcd6f28..0631886a53f 100644
--- a/2018/10xxx/CVE-2018-10795.json
+++ b/2018/10xxx/CVE-2018-10795.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10795",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. NOTE: the vendor disputes this issue because file upload is an expected feature, subject to Role Based Access Control checks where only authenticated users with proper permissions can upload files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10795",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://cxsecurity.com/issue/WLB-2018050029",
- "refsource" : "MISC",
- "url" : "https://cxsecurity.com/issue/WLB-2018050029"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. NOTE: the vendor disputes this issue because file upload is an expected feature, subject to Role Based Access Control checks where only authenticated users with proper permissions can upload files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://cxsecurity.com/issue/WLB-2018050029",
+ "refsource": "MISC",
+ "url": "https://cxsecurity.com/issue/WLB-2018050029"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14040.json b/2018/14xxx/CVE-2018-14040.json
index 6cbbeff2316..472f14f334a 100644
--- a/2018/14xxx/CVE-2018-14040.json
+++ b/2018/14xxx/CVE-2018-14040.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14040",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14040",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"
- },
- {
- "name" : "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
- "refsource" : "MISC",
- "url" : "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
- },
- {
- "name" : "https://github.com/twbs/bootstrap/issues/26423",
- "refsource" : "MISC",
- "url" : "https://github.com/twbs/bootstrap/issues/26423"
- },
- {
- "name" : "https://github.com/twbs/bootstrap/issues/26625",
- "refsource" : "MISC",
- "url" : "https://github.com/twbs/bootstrap/issues/26625"
- },
- {
- "name" : "https://github.com/twbs/bootstrap/pull/26630",
- "refsource" : "MISC",
- "url" : "https://github.com/twbs/bootstrap/pull/26630"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/twbs/bootstrap/pull/26630",
+ "refsource": "MISC",
+ "url": "https://github.com/twbs/bootstrap/pull/26630"
+ },
+ {
+ "name": "https://github.com/twbs/bootstrap/issues/26423",
+ "refsource": "MISC",
+ "url": "https://github.com/twbs/bootstrap/issues/26423"
+ },
+ {
+ "name": "https://github.com/twbs/bootstrap/issues/26625",
+ "refsource": "MISC",
+ "url": "https://github.com/twbs/bootstrap/issues/26625"
+ },
+ {
+ "name": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/",
+ "refsource": "MISC",
+ "url": "https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/"
+ },
+ {
+ "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1479-1] twitter-bootstrap3 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00027.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14682.json b/2018/14xxx/CVE-2018-14682.json
index a5b2a1bc148..bd3f7abd1bd 100644
--- a/2018/14xxx/CVE-2018-14682.json
+++ b/2018/14xxx/CVE-2018-14682.json
@@ -1,117 +1,117 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14682",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14682",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html"
- },
- {
- "name" : "http://www.openwall.com/lists/oss-security/2018/07/26/1",
- "refsource" : "MISC",
- "url" : "http://www.openwall.com/lists/oss-security/2018/07/26/1"
- },
- {
- "name" : "https://bugs.debian.org/904800",
- "refsource" : "MISC",
- "url" : "https://bugs.debian.org/904800"
- },
- {
- "name" : "https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8",
- "refsource" : "MISC",
- "url" : "https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8"
- },
- {
- "name" : "DSA-4260",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4260"
- },
- {
- "name" : "RHSA-2018:3327",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3327"
- },
- {
- "name" : "RHSA-2018:3505",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3505"
- },
- {
- "name" : "USN-3728-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3728-1/"
- },
- {
- "name" : "USN-3728-3",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3728-3/"
- },
- {
- "name" : "USN-3728-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3728-2/"
- },
- {
- "name" : "USN-3789-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3789-2/"
- },
- {
- "name" : "1041410",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041410"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3728-3",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3728-3/"
+ },
+ {
+ "name": "DSA-4260",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4260"
+ },
+ {
+ "name": "[debian-lts-announce] 20180806 [SECURITY] [DLA-1460-1] libmspack security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html"
+ },
+ {
+ "name": "https://bugs.debian.org/904800",
+ "refsource": "MISC",
+ "url": "https://bugs.debian.org/904800"
+ },
+ {
+ "name": "http://www.openwall.com/lists/oss-security/2018/07/26/1",
+ "refsource": "MISC",
+ "url": "http://www.openwall.com/lists/oss-security/2018/07/26/1"
+ },
+ {
+ "name": "RHSA-2018:3505",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3505"
+ },
+ {
+ "name": "USN-3789-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3789-2/"
+ },
+ {
+ "name": "USN-3728-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3728-2/"
+ },
+ {
+ "name": "1041410",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041410"
+ },
+ {
+ "name": "https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8",
+ "refsource": "MISC",
+ "url": "https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8"
+ },
+ {
+ "name": "USN-3728-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3728-1/"
+ },
+ {
+ "name": "RHSA-2018:3327",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3327"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17035.json b/2018/17xxx/CVE-2018-17035.json
index 69d2780b696..6b9dadb567c 100644
--- a/2018/17xxx/CVE-2018-17035.json
+++ b/2018/17xxx/CVE-2018-17035.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17035",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17035",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/blackstar24/UCMS/blob/master/README.md",
- "refsource" : "MISC",
- "url" : "https://github.com/blackstar24/UCMS/blob/master/README.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/blackstar24/UCMS/blob/master/README.md",
+ "refsource": "MISC",
+ "url": "https://github.com/blackstar24/UCMS/blob/master/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17999.json b/2018/17xxx/CVE-2018-17999.json
index e9af77a5a01..35b6ba426a5 100644
--- a/2018/17xxx/CVE-2018-17999.json
+++ b/2018/17xxx/CVE-2018-17999.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17999",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17999",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20132.json b/2018/20xxx/CVE-2018-20132.json
index f596d89f0d9..04454bce51b 100644
--- a/2018/20xxx/CVE-2018-20132.json
+++ b/2018/20xxx/CVE-2018-20132.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20132",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-20132",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20156.json b/2018/20xxx/CVE-2018-20156.json
index e5185b4a1b3..ea11a33001e 100644
--- a/2018/20xxx/CVE-2018-20156.json
+++ b/2018/20xxx/CVE-2018-20156.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20156",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated \"site administrator\" users to execute arbitrary PHP code throughout a multisite network."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20156",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/",
- "refsource" : "MISC",
- "url" : "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated \"site administrator\" users to execute arbitrary PHP code throughout a multisite network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/",
+ "refsource": "MISC",
+ "url": "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20189.json b/2018/20xxx/CVE-2018-20189.json
index beddc64c651..cbb5aacfee3 100644
--- a/2018/20xxx/CVE-2018-20189.json
+++ b/2018/20xxx/CVE-2018-20189.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20189",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20189",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
- },
- {
- "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589",
- "refsource" : "MISC",
- "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
- },
- {
- "name" : "https://sourceforge.net/p/graphicsmagick/bugs/585/",
- "refsource" : "MISC",
- "url" : "https://sourceforge.net/p/graphicsmagick/bugs/585/"
- },
- {
- "name" : "106227",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106227"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "106227",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106227"
+ },
+ {
+ "name": "https://sourceforge.net/p/graphicsmagick/bugs/585/",
+ "refsource": "MISC",
+ "url": "https://sourceforge.net/p/graphicsmagick/bugs/585/"
+ },
+ {
+ "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589",
+ "refsource": "MISC",
+ "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/648e2b406589"
+ },
+ {
+ "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20227.json b/2018/20xxx/CVE-2018-20227.json
index 5da25e0db6e..689f6b13272 100644
--- a/2018/20xxx/CVE-2018-20227.json
+++ b/2018/20xxx/CVE-2018-20227.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20227",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20227",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/eclipse/rdf4j/issues/1210",
- "refsource" : "MISC",
- "url" : "https://github.com/eclipse/rdf4j/issues/1210"
- },
- {
- "name" : "https://github.com/eclipse/rdf4j/pull/1211/commits/df15a4d7a8f2789c043b27c9eafe1b30316cfa79",
- "refsource" : "MISC",
- "url" : "https://github.com/eclipse/rdf4j/pull/1211/commits/df15a4d7a8f2789c043b27c9eafe1b30316cfa79"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/eclipse/rdf4j/pull/1211/commits/df15a4d7a8f2789c043b27c9eafe1b30316cfa79",
+ "refsource": "MISC",
+ "url": "https://github.com/eclipse/rdf4j/pull/1211/commits/df15a4d7a8f2789c043b27c9eafe1b30316cfa79"
+ },
+ {
+ "name": "https://github.com/eclipse/rdf4j/issues/1210",
+ "refsource": "MISC",
+ "url": "https://github.com/eclipse/rdf4j/issues/1210"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20524.json b/2018/20xxx/CVE-2018-20524.json
index 216f3fff926..5913c556406 100644
--- a/2018/20xxx/CVE-2018-20524.json
+++ b/2018/20xxx/CVE-2018-20524.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20524",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of < in a message, because a danmuWrapper DIV element in chatbox-only\\danmu.js is outside the scope of a Content Security Policy (CSP)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20524",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://vul.su.ki/posts/Chat_Anywhere_2.4.0_XSS.md/",
- "refsource" : "MISC",
- "url" : "https://vul.su.ki/posts/Chat_Anywhere_2.4.0_XSS.md/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of < in a message, because a danmuWrapper DIV element in chatbox-only\\danmu.js is outside the scope of a Content Security Policy (CSP)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://vul.su.ki/posts/Chat_Anywhere_2.4.0_XSS.md/",
+ "refsource": "MISC",
+ "url": "https://vul.su.ki/posts/Chat_Anywhere_2.4.0_XSS.md/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9363.json b/2018/9xxx/CVE-2018-9363.json
index 7f7f6618430..89752cb1db4 100644
--- a/2018/9xxx/CVE-2018-9363.json
+++ b/2018/9xxx/CVE-2018-9363.json
@@ -1,113 +1,113 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "DATE_PUBLIC" : "2018-10-31T00:00:00",
- "ID" : "CVE-2018-9363",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Android kernel"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Elevation of privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "DATE_PUBLIC": "2018-10-31T00:00:00",
+ "ID": "CVE-2018-9363",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
- },
- {
- "name" : "https://source.android.com/security/bulletin/2018-06-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-06-01"
- },
- {
- "name" : "DSA-4308",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4308"
- },
- {
- "name" : "RHSA-2018:2948",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:2948"
- },
- {
- "name" : "USN-3797-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3797-1/"
- },
- {
- "name" : "USN-3797-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3797-2/"
- },
- {
- "name" : "USN-3820-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3820-1/"
- },
- {
- "name" : "USN-3820-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3820-2/"
- },
- {
- "name" : "USN-3820-3",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3820-3/"
- },
- {
- "name" : "USN-3822-2",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3822-2/"
- },
- {
- "name" : "USN-3822-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3822-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3797-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3797-2/"
+ },
+ {
+ "name": "USN-3797-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3797-1/"
+ },
+ {
+ "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
+ },
+ {
+ "name": "USN-3820-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3820-1/"
+ },
+ {
+ "name": "USN-3820-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3820-2/"
+ },
+ {
+ "name": "RHSA-2018:2948",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:2948"
+ },
+ {
+ "name": "DSA-4308",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4308"
+ },
+ {
+ "name": "https://source.android.com/security/bulletin/2018-06-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-06-01"
+ },
+ {
+ "name": "USN-3822-2",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3822-2/"
+ },
+ {
+ "name": "USN-3822-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3822-1/"
+ },
+ {
+ "name": "USN-3820-3",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3820-3/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9581.json b/2018/9xxx/CVE-2018-9581.json
index 34688378343..ca07e617fc6 100644
--- a/2018/9xxx/CVE-2018-9581.json
+++ b/2018/9xxx/CVE-2018-9581.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9581",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9581",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9853.json b/2018/9xxx/CVE-2018-9853.json
index 6a21fd11267..79c2edd4c35 100644
--- a/2018/9xxx/CVE-2018-9853.json
+++ b/2018/9xxx/CVE-2018-9853.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9853",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9853",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://medium.com/@TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a",
- "refsource" : "MISC",
- "url" : "https://medium.com/@TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://medium.com/@TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a",
+ "refsource": "MISC",
+ "url": "https://medium.com/@TheWindowsTwin/vulnerability-in-freesshd-5a0abc147d7a"
+ }
+ ]
+ }
+}
\ No newline at end of file