From 9213397d22832671b56606dd90b80b0c5b54550b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:34:28 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/1xxx/CVE-2002-1171.json | 34 ++-- 2002/1xxx/CVE-2002-1555.json | 140 +++++++-------- 2002/1xxx/CVE-2002-1641.json | 140 +++++++-------- 2002/1xxx/CVE-2002-1870.json | 140 +++++++-------- 2002/1xxx/CVE-2002-1878.json | 160 +++++++++--------- 2002/1xxx/CVE-2002-1992.json | 140 +++++++-------- 2003/0xxx/CVE-2003-0481.json | 120 ++++++------- 2003/0xxx/CVE-2003-0635.json | 130 +++++++------- 2003/0xxx/CVE-2003-0693.json | 300 ++++++++++++++++----------------- 2003/1xxx/CVE-2003-1060.json | 140 +++++++-------- 2003/1xxx/CVE-2003-1077.json | 160 +++++++++--------- 2004/2xxx/CVE-2004-2584.json | 140 +++++++-------- 2004/2xxx/CVE-2004-2754.json | 180 ++++++++++---------- 2008/2xxx/CVE-2008-2990.json | 150 ++++++++--------- 2012/0xxx/CVE-2012-0349.json | 34 ++-- 2012/0xxx/CVE-2012-0480.json | 34 ++-- 2012/0xxx/CVE-2012-0860.json | 170 +++++++++---------- 2012/1xxx/CVE-2012-1681.json | 150 ++++++++--------- 2012/1xxx/CVE-2012-1722.json | 210 +++++++++++------------ 2012/1xxx/CVE-2012-1797.json | 150 ++++++++--------- 2012/1xxx/CVE-2012-1894.json | 140 +++++++-------- 2012/1xxx/CVE-2012-1901.json | 140 +++++++-------- 2012/1xxx/CVE-2012-1941.json | 190 ++++++++++----------- 2012/4xxx/CVE-2012-4347.json | 130 +++++++------- 2012/4xxx/CVE-2012-4425.json | 200 +++++++++++----------- 2012/4xxx/CVE-2012-4615.json | 170 +++++++++---------- 2012/5xxx/CVE-2012-5390.json | 140 +++++++-------- 2012/5xxx/CVE-2012-5439.json | 34 ++-- 2012/5xxx/CVE-2012-5468.json | 220 ++++++++++++------------ 2017/3xxx/CVE-2017-3100.json | 160 +++++++++--------- 2017/3xxx/CVE-2017-3102.json | 140 +++++++-------- 2017/3xxx/CVE-2017-3849.json | 140 +++++++-------- 2017/6xxx/CVE-2017-6184.json | 140 +++++++-------- 2017/6xxx/CVE-2017-6578.json | 130 +++++++------- 2017/7xxx/CVE-2017-7723.json | 120 ++++++------- 2017/8xxx/CVE-2017-8342.json | 150 ++++++++--------- 2017/8xxx/CVE-2017-8522.json | 140 +++++++-------- 2017/8xxx/CVE-2017-8997.json | 34 ++-- 2018/10xxx/CVE-2018-10121.json | 120 ++++++------- 2018/10xxx/CVE-2018-10242.json | 34 ++-- 2018/10xxx/CVE-2018-10884.json | 156 ++++++++--------- 2018/10xxx/CVE-2018-10893.json | 164 +++++++++--------- 2018/13xxx/CVE-2018-13099.json | 170 +++++++++---------- 2018/13xxx/CVE-2018-13122.json | 120 ++++++------- 2018/13xxx/CVE-2018-13153.json | 150 ++++++++--------- 2018/17xxx/CVE-2018-17142.json | 120 ++++++------- 2018/17xxx/CVE-2018-17272.json | 34 ++-- 2018/17xxx/CVE-2018-17366.json | 120 ++++++------- 2018/17xxx/CVE-2018-17483.json | 34 ++-- 2018/17xxx/CVE-2018-17541.json | 34 ++-- 2018/20xxx/CVE-2018-20689.json | 34 ++-- 2018/20xxx/CVE-2018-20712.json | 140 +++++++-------- 2018/9xxx/CVE-2018-9185.json | 140 +++++++-------- 2018/9xxx/CVE-2018-9677.json | 34 ++-- 54 files changed, 3472 insertions(+), 3472 deletions(-) diff --git a/2002/1xxx/CVE-2002-1171.json b/2002/1xxx/CVE-2002-1171.json index 6bd58eb1203..5800bbfe7b7 100644 --- a/2002/1xxx/CVE-2002-1171.json +++ b/2002/1xxx/CVE-2002-1171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1555.json b/2002/1xxx/CVE-2002-1555.json index fcb81119625..00fc6c575bd 100644 --- a/2002/1xxx/CVE-2002-1555.json +++ b/2002/1xxx/CVE-2002-1555.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a \"public\" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml" - }, - { - "name" : "6081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6081" - }, - { - "name" : "cisco-ons-snmp-public(10507)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10507.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a \"public\" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ons-snmp-public(10507)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10507.php" + }, + { + "name": "6081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6081" + }, + { + "name": "20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1641.json b/2002/1xxx/CVE-2002-1641.json index d21c0018f21..e85b5fa8b14 100644 --- a/2002/1xxx/CVE-2002-1641.json +++ b/2002/1xxx/CVE-2002-1641.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nextgenss.com/vna/ora-webcache.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/vna/ora-webcache.txt" - }, - { - "name" : "4856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4856" - }, - { - "name" : "VU#291555", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/291555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#291555", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/291555" + }, + { + "name": "4856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4856" + }, + { + "name": "http://www.nextgenss.com/vna/ora-webcache.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/vna/ora-webcache.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1870.json b/2002/1xxx/CVE-2002-1870.json index 3c3b5835708..ca814ab3962 100644 --- a/2002/1xxx/CVE-2002-1870.json +++ b/2002/1xxx/CVE-2002-1870.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Re: SWS Web Server v0.1.0 Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html" - }, - { - "name" : "5660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5660" - }, - { - "name" : "sws-webserver-recv-overwrite(10072)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10072.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sws-webserver-recv-overwrite(10072)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10072.php" + }, + { + "name": "5660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5660" + }, + { + "name": "20020903 Re: SWS Web Server v0.1.0 Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1878.json b/2002/1xxx/CVE-2002-1878.json index ab6be5618f3..d3ee47c7eac 100644 --- a/2002/1xxx/CVE-2002-1878.json +++ b/2002/1xxx/CVE-2002-1878.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020608 Security holes in LokwaBB and W-Agora", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html" - }, - { - "name" : "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt" - }, - { - "name" : "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563", - "refsource" : "CONFIRM", - "url" : "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563" - }, - { - "name" : "4977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4977" - }, - { - "name" : "wagora-file-include(9317)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9317.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563", + "refsource": "CONFIRM", + "url": "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563" + }, + { + "name": "4977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4977" + }, + { + "name": "wagora-file-include(9317)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9317.php" + }, + { + "name": "20020608 Security holes in LokwaBB and W-Agora", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html" + }, + { + "name": "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1992.json b/2002/1xxx/CVE-2002-1992.json index 60da455c54c..a0b1ceef288 100644 --- a/2002/1xxx/CVE-2002-1992.json +++ b/2002/1xxx/CVE-2002-1992.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1992", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1992", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161" - }, - { - "name" : "5121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5121" - }, - { - "name" : "coldfusion-mx-jrundll-bo(9460)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9460.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "coldfusion-mx-jrundll-bo(9460)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9460.php" + }, + { + "name": "5121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5121" + }, + { + "name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0481.json b/2003/0xxx/CVE-2003-0481.json index 5f0cae73bc2..ffcd5a87bb7 100644 --- a/2003/0xxx/CVE-2003-0481.json +++ b/2003/0xxx/CVE-2003-0481.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030623 [KSA-001] Multiple vulnerabilities in Tutos", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105638743109781&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030623 [KSA-001] Multiple vulnerabilities in Tutos", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105638743109781&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0635.json b/2003/0xxx/CVE-2003-0635.json index 4c09c8167ab..15dde26d26c 100644 --- a/2003/0xxx/CVE-2003-0635.json +++ b/2003/0xxx/CVE-2003-0635.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2" - }, - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm" + }, + { + "name": "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105492852131747&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0693.json b/2003/0xxx/CVE-2003-0693.json index ccfa60e12a7..b5925799149 100644 --- a/2003/0xxx/CVE-2003-0693.json +++ b/2003/0xxx/CVE-2003-0693.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030916 OpenSSH Buffer Management Bug Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106373247528528&w=2" - }, - { - "name" : "http://www.openssh.com/txt/buffer.adv", - "refsource" : "CONFIRM", - "url" : "http://www.openssh.com/txt/buffer.adv" - }, - { - "name" : "20030915 openssh remote exploit", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html" - }, - { - "name" : "20030916 The lowdown on SSH vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html" - }, - { - "name" : "20030915 new ssh exploit?", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html" - }, - { - "name" : "RHSA-2003:279", - "refsource" : "REDHAT", - "url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2" - }, - { - "name" : "RHSA-2003:280", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html" - }, - { - "name" : "MDKSA-2003:090", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090" - }, - { - "name" : "DSA-382", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-382" - }, - { - "name" : "DSA-383", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-383" - }, - { - "name" : "1000620", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1" - }, - { - "name" : "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106374466212309&w=2" - }, - { - "name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2" - }, - { - "name" : "2003-0033", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=106381396120332&w=2" - }, - { - "name" : "CA-2003-24", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-24.html" - }, - { - "name" : "VU#333628", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/333628" - }, - { - "name" : "oval:org.mitre.oval:def:2719", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719" - }, - { - "name" : "openssh-packet-bo(13191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191" - }, - { - "name" : "oval:org.mitre.oval:def:447", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1000620", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1" + }, + { + "name": "20030915 new ssh exploit?", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html" + }, + { + "name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106381409220492&w=2" + }, + { + "name": "openssh-packet-bo(13191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191" + }, + { + "name": "DSA-383", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-383" + }, + { + "name": "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106374466212309&w=2" + }, + { + "name": "http://www.openssh.com/txt/buffer.adv", + "refsource": "CONFIRM", + "url": "http://www.openssh.com/txt/buffer.adv" + }, + { + "name": "RHSA-2003:280", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-280.html" + }, + { + "name": "CA-2003-24", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-24.html" + }, + { + "name": "20030915 openssh remote exploit", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html" + }, + { + "name": "oval:org.mitre.oval:def:2719", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719" + }, + { + "name": "2003-0033", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=106381396120332&w=2" + }, + { + "name": "20030916 The lowdown on SSH vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html" + }, + { + "name": "DSA-382", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-382" + }, + { + "name": "20030916 OpenSSH Buffer Management Bug Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106373247528528&w=2" + }, + { + "name": "MDKSA-2003:090", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090" + }, + { + "name": "oval:org.mitre.oval:def:447", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447" + }, + { + "name": "RHSA-2003:279", + "refsource": "REDHAT", + "url": "http://marc.info/?l=bugtraq&m=106373546332230&w=2" + }, + { + "name": "VU#333628", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/333628" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1060.json b/2003/1xxx/CVE-2003-1060.json index e3cabd025f0..f4dc12ca717 100644 --- a/2003/1xxx/CVE-2003-1060.json +++ b/2003/1xxx/CVE-2003-1060.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57406", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57406-1" - }, - { - "name" : "8929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8929" - }, - { - "name" : "solaris-nfs-ufs-dos(13547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-nfs-ufs-dos(13547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13547" + }, + { + "name": "8929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8929" + }, + { + "name": "57406", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57406-1" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1077.json b/2003/1xxx/CVE-2003-1077.json index df718c0a278..8d386fc37a3 100644 --- a/2003/1xxx/CVE-2003-1077.json +++ b/2003/1xxx/CVE-2003-1077.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51300", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51300-1" - }, - { - "name" : "7032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7032" - }, - { - "name" : "1006233", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006233" - }, - { - "name" : "8234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8234/" - }, - { - "name" : "solaris-ufs-logging-dos(11481)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1006233", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006233" + }, + { + "name": "7032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7032" + }, + { + "name": "51300", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51300-1" + }, + { + "name": "8234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8234/" + }, + { + "name": "solaris-ufs-logging-dos(11481)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11481" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2584.json b/2004/2xxx/CVE-2004-2584.json index 19a170797f1..8828e7cdb96 100644 --- a/2004/2xxx/CVE-2004-2584.json +++ b/2004/2xxx/CVE-2004-2584.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte (\"%00\"). NOTE: it is not clear whether this issue poses a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=4098", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=4098" - }, - { - "name" : "smartermail-frmaddfolder-file-manipulation(15392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte (\"%00\"). NOTE: it is not clear whether this issue poses a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "smartermail-frmaddfolder-file-manipulation(15392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15392" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=4098", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=4098" + }, + { + "name": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2754.json b/2004/2xxx/CVE-2004-2754.json index cccea1dd868..a46e2b21fae 100644 --- a/2004/2xxx/CVE-2004-2754.json +++ b/2004/2xxx/CVE-2004-2754.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040119 Yabb SE SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/350244" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105" - }, - { - "name" : "http://www.yabbse.org/community/index.php?thread=27122", - "refsource" : "MISC", - "url" : "http://www.yabbse.org/community/index.php?thread=27122" - }, - { - "name" : "9449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9449" - }, - { - "name" : "3618", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3618" - }, - { - "name" : "1008764", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008764" - }, - { - "name" : "3371", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040119 Yabb SE SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/350244" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105" + }, + { + "name": "3618", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3618" + }, + { + "name": "9449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9449" + }, + { + "name": "3371", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3371" + }, + { + "name": "1008764", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008764" + }, + { + "name": "http://www.yabbse.org/community/index.php?thread=27122", + "refsource": "MISC", + "url": "http://www.yabbse.org/community/index.php?thread=27122" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2990.json b/2008/2xxx/CVE-2008-2990.json index 6c7f3d25c6d..d7753820dbb 100644 --- a/2008/2xxx/CVE-2008-2990.json +++ b/2008/2xxx/CVE-2008-2990.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5915", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5915" - }, - { - "name" : "29904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29904" - }, - { - "name" : "3967", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3967" - }, - { - "name" : "facileforms-facileformsframe-file-include(43290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "facileforms-facileformsframe-file-include(43290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290" + }, + { + "name": "29904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29904" + }, + { + "name": "3967", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3967" + }, + { + "name": "5915", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5915" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0349.json b/2012/0xxx/CVE-2012-0349.json index e782026aa40..7e2446b2921 100644 --- a/2012/0xxx/CVE-2012-0349.json +++ b/2012/0xxx/CVE-2012-0349.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0349", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0349", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0480.json b/2012/0xxx/CVE-2012-0480.json index e4813ad7c42..95e3b07d684 100644 --- a/2012/0xxx/CVE-2012-0480.json +++ b/2012/0xxx/CVE-2012-0480.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0860.json b/2012/0xxx/CVE-2012-0860.json index fadbe616a5c..9fe124d5721 100644 --- a/2012/0xxx/CVE-2012-0860.json +++ b/2012/0xxx/CVE-2012-0860.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=790730", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=790730" - }, - { - "name" : "RHSA-2012:1506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html" - }, - { - "name" : "RHSA-2012:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1508.html" - }, - { - "name" : "56825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56825" - }, - { - "name" : "1027838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027838" - }, - { - "name" : "enterprise-rhev-priv-esc(80543)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1508.html" + }, + { + "name": "56825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56825" + }, + { + "name": "RHSA-2012:1506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html" + }, + { + "name": "enterprise-rhev-priv-esc(80543)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80543" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=790730", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=790730" + }, + { + "name": "1027838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027838" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1681.json b/2012/1xxx/CVE-2012-1681.json index 68b60555753..69c7ca551a5 100644 --- a/2012/1xxx/CVE-2012-1681.json +++ b/2012/1xxx/CVE-2012-1681.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026940" - }, - { - "name" : "48809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026940" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48809" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1722.json b/2012/1xxx/CVE-2012-1722.json index 880c8da61ff..9156cd6286d 100644 --- a/2012/1xxx/CVE-2012-1722.json +++ b/2012/1xxx/CVE-2012-1722.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" - }, - { - "name" : "HPSBUX02805", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" - }, - { - "name" : "SSRT100919", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2012:0734", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html" - }, - { - "name" : "SUSE-SU-2012:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" - }, - { - "name" : "SUSE-SU-2012:1265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" - }, - { - "name" : "53953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53953" - }, - { - "name" : "oval:org.mitre.oval:def:16214", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" + }, + { + "name": "53953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53953" + }, + { + "name": "SUSE-SU-2012:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" + }, + { + "name": "RHSA-2012:0734", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" + }, + { + "name": "SSRT100919", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "oval:org.mitre.oval:def:16214", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16214" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02805", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1797.json b/2012/1xxx/CVE-2012-1797.json index 85ead5cd133..1ca7b9463f6 100644 --- a/2012/1xxx/CVE-2012-1797.json +++ b/2012/1xxx/CVE-2012-1797.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518" - }, - { - "name" : "IC79518", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518" - }, - { - "name" : "oval:org.mitre.oval:def:14922", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922" - }, - { - "name" : "db2-nodes-unspecified(74326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518" + }, + { + "name": "db2-nodes-unspecified(74326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326" + }, + { + "name": "oval:org.mitre.oval:def:14922", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922" + }, + { + "name": "IC79518", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1894.json b/2012/1xxx/CVE-2012-1894.json index cd9213c7a6c..efb84fa9885 100644 --- a/2012/1xxx/CVE-2012-1894.json +++ b/2012/1xxx/CVE-2012-1894.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office for Mac 2011 uses world-writable permissions for the \"Applications/Microsoft Office 2011/\" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka \"Office for Mac Improper Folder Permissions Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-051" - }, - { - "name" : "TA12-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15602", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office for Mac 2011 uses world-writable permissions for the \"Applications/Microsoft Office 2011/\" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka \"Office for Mac Improper Folder Permissions Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" + }, + { + "name": "MS12-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-051" + }, + { + "name": "oval:org.mitre.oval:def:15602", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15602" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1901.json b/2012/1xxx/CVE-2012-1901.json index d639c628e6d..95cebdc617c 100644 --- a/2012/1xxx/CVE-2012-1901.json +++ b/2012/1xxx/CVE-2012-1901.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18609", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18609" - }, - { - "name" : "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html" - }, - { - "name" : "48451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html", + "refsource": "MISC", + "url": "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html" + }, + { + "name": "18609", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18609" + }, + { + "name": "48451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48451" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1941.json b/2012/1xxx/CVE-2012-1941.json index bda09d64a0c..29740ec1bb5 100644 --- a/2012/1xxx/CVE-2012-1941.json +++ b/2012/1xxx/CVE-2012-1941.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750066", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750066" - }, - { - "name" : "MDVSA-2012:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088" - }, - { - "name" : "RHSA-2012:0710", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0710.html" - }, - { - "name" : "RHSA-2012:0715", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0715.html" - }, - { - "name" : "SUSE-SU-2012:0746", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" - }, - { - "name" : "openSUSE-SU-2012:0760", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html" - }, - { - "name" : "oval:org.mitre.oval:def:16985", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2012:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088" + }, + { + "name": "RHSA-2012:0710", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0710.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=750066", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=750066" + }, + { + "name": "oval:org.mitre.oval:def:16985", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16985" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html" + }, + { + "name": "SUSE-SU-2012:0746", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" + }, + { + "name": "openSUSE-SU-2012:0760", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html" + }, + { + "name": "RHSA-2012:0715", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0715.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4347.json b/2012/4xxx/CVE-2012-4347.json index 6ae3460e88c..791b72fb5fc 100644 --- a/2012/4xxx/CVE-2012-4347.json +++ b/2012/4xxx/CVE-2012-4347.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00" - }, - { - "name" : "56789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56789" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4425.json b/2012/4xxx/CVE-2012-4425.json index 6689da5fdd8..cb082da711e 100644 --- a/2012/4xxx/CVE-2012-4425.json +++ b/2012/4xxx/CVE-2012-4425.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21323", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/21323" - }, - { - "name" : "[oss-security] 20120912 libdbus CVE-2012-3524 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/12/6" - }, - { - "name" : "[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/14/2" - }, - { - "name" : "[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/17/2" - }, - { - "name" : "[scm-commits] 20120914 [spice-gtk/f18] Add patch fixing CVE 2012-4425", - "refsource" : "MLIST", - "url" : "http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051" - }, - { - "name" : "[spice-devel] 20120914 [spice-gtk] usb-acl-helper: Clear environment", - "refsource" : "MLIST", - "url" : "http://www.spinics.net/lists/spice-devel/msg01940.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=857283", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=857283" - }, - { - "name" : "RHSA-2012:1284", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1284.html" - }, - { - "name" : "55555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1284", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1284.html" + }, + { + "name": "[oss-security] 20120912 libdbus CVE-2012-3524 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/12/6" + }, + { + "name": "[spice-devel] 20120914 [spice-gtk] usb-acl-helper: Clear environment", + "refsource": "MLIST", + "url": "http://www.spinics.net/lists/spice-devel/msg01940.html" + }, + { + "name": "[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/17/2" + }, + { + "name": "[scm-commits] 20120914 [spice-gtk/f18] Add patch fixing CVE 2012-4425", + "refsource": "MLIST", + "url": "http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051" + }, + { + "name": "21323", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/21323" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=857283", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857283" + }, + { + "name": "[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/14/2" + }, + { + "name": "55555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55555" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4615.json b/2012/4xxx/CVE-2012-4615.json index f3bb68ca9d3..ed68739967a 100644 --- a/2012/4xxx/CVE-2012-4615.json +++ b/2012/4xxx/CVE-2012-4615.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-4615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html" - }, - { - "name" : "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html" - }, - { - "name" : "56682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56682" - }, - { - "name" : "87878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87878" - }, - { - "name" : "1027812", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027812" - }, - { - "name" : "51408", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "87878", + "refsource": "OSVDB", + "url": "http://osvdb.org/87878" + }, + { + "name": "1027812", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027812" + }, + { + "name": "51408", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51408" + }, + { + "name": "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html" + }, + { + "name": "56682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56682" + }, + { + "name": "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5390.json b/2012/5xxx/CVE-2012-5390.json index 51e79a50881..864ef034c24 100644 --- a/2012/5xxx/CVE-2012-5390.json +++ b/2012/5xxx/CVE-2012-5390.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html", - "refsource" : "CONFIRM", - "url" : "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html" - }, - { - "name" : "57328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57328" - }, - { - "name" : "51862", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html", + "refsource": "CONFIRM", + "url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html" + }, + { + "name": "57328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57328" + }, + { + "name": "51862", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51862" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5439.json b/2012/5xxx/CVE-2012-5439.json index b73d6fa2187..da0cd9fcf28 100644 --- a/2012/5xxx/CVE-2012-5439.json +++ b/2012/5xxx/CVE-2012-5439.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5439", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5439", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5468.json b/2012/5xxx/CVE-2012-5468.json index db4728f0519..4e00ddb6cc3 100644 --- a/2012/5xxx/CVE-2012-5468.json +++ b/2012/5xxx/CVE-2012-5468.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121204 CVE-2012-5468: bogofilter-SA-2012-01", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/03/13" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=883358", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=883358" - }, - { - "name" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01", - "refsource" : "CONFIRM", - "url" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01" - }, - { - "name" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973", - "refsource" : "CONFIRM", - "url" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973" - }, - { - "name" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975", - "refsource" : "CONFIRM", - "url" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975" - }, - { - "name" : "DSA-2585", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2585" - }, - { - "name" : "MDVSA-2013:064", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:064" - }, - { - "name" : "56804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56804" - }, - { - "name" : "51334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51334" - }, - { - "name" : "51521", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51521" - }, - { - "name" : "bogofilter-bogolexer-base64-dos(80524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2013:064", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:064" + }, + { + "name": "[oss-security] 20121204 CVE-2012-5468: bogofilter-SA-2012-01", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/03/13" + }, + { + "name": "51521", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51521" + }, + { + "name": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01", + "refsource": "CONFIRM", + "url": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01" + }, + { + "name": "56804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56804" + }, + { + "name": "DSA-2585", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2585" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883358", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883358" + }, + { + "name": "51334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51334" + }, + { + "name": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973", + "refsource": "CONFIRM", + "url": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973" + }, + { + "name": "bogofilter-bogolexer-base64-dos(80524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80524" + }, + { + "name": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975", + "refsource": "CONFIRM", + "url": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3100.json b/2017/3xxx/CVE-2017-3100.json index 3d1228b48ea..3d938eee5cc 100644 --- a/2017/3xxx/CVE-2017-3100.json +++ b/2017/3xxx/CVE-2017-3100.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 26.0.0.131 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 26.0.0.131 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 26.0.0.131 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 26.0.0.131 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1731", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1731" - }, - { - "name" : "99523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99523" - }, - { - "name" : "1038845", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038845", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038845" + }, + { + "name": "99523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99523" + }, + { + "name": "RHSA-2017:1731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1731" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3102.json b/2017/3xxx/CVE-2017-3102.json index 35a5c8c9159..7fb34b4408b 100644 --- a/2017/3xxx/CVE-2017-3102.json +++ b/2017/3xxx/CVE-2017-3102.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Connect 9.6.1 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Connect 9.6.1 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Connect 9.6.1 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Connect 9.6.1 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/connect/apsb17-22.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/connect/apsb17-22.html" - }, - { - "name" : "99517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99517" - }, - { - "name" : "1038846", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99517" + }, + { + "name": "https://helpx.adobe.com/security/products/connect/apsb17-22.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/connect/apsb17-22.html" + }, + { + "name": "1038846", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038846" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3849.json b/2017/3xxx/CVE-2017-3849.json index 7e0267dd73a..0fd82f8dcce 100644 --- a/2017/3xxx/CVE-2017-3849.json +++ b/2017/3xxx/CVE-2017-3849.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20 Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani" - }, - { - "name" : "96972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96972" - }, - { - "name" : "1038064", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani" + }, + { + "name": "96972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96972" + }, + { + "name": "1038064", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038064" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6184.json b/2017/6xxx/CVE-2017-6184.json index 07531b2c0d8..d58bc0c8f62 100644 --- a/2017/6xxx/CVE-2017-6184.json +++ b/2017/6xxx/CVE-2017-6184.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html", - "refsource" : "CONFIRM", - "url" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html" - }, - { - "name" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2", - "refsource" : "CONFIRM", - "url" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2" - }, - { - "name" : "97261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html", + "refsource": "CONFIRM", + "url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html" + }, + { + "name": "97261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97261" + }, + { + "name": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2", + "refsource": "CONFIRM", + "url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6578.json b/2017/6xxx/CVE-2017-6578.json index 7bf5b088888..bbc0f949878 100644 --- a/2017/6xxx/CVE-2017-6578.json +++ b/2017/6xxx/CVE-2017-6578.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", - "refsource" : "MISC", - "url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" - }, - { - "name" : "96783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96783" + }, + { + "name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", + "refsource": "MISC", + "url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7723.json b/2017/7xxx/CVE-2017-7723.json index 08670793f74..a48a5d52a2a 100644 --- a/2017/7xxx/CVE-2017-7723.json +++ b/2017/7xxx/CVE-2017-7723.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/easy-wp-smtp/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/easy-wp-smtp/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/easy-wp-smtp/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/easy-wp-smtp/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8342.json b/2017/8xxx/CVE-2017-8342.json index f2ee3aff0d0..57bae0d7d29 100644 --- a/2017/8xxx/CVE-2017-8342.json +++ b/2017/8xxx/CVE-2017-8342.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/861514", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/861514" - }, - { - "name" : "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst", - "refsource" : "CONFIRM", - "url" : "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst" - }, - { - "name" : "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d", - "refsource" : "CONFIRM", - "url" : "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d" - }, - { - "name" : "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b", - "refsource" : "CONFIRM", - "url" : "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst", + "refsource": "CONFIRM", + "url": "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst" + }, + { + "name": "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d", + "refsource": "CONFIRM", + "url": "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d" + }, + { + "name": "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b", + "refsource": "CONFIRM", + "url": "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b" + }, + { + "name": "https://bugs.debian.org/861514", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/861514" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8522.json b/2017/8xxx/CVE-2017-8522.json index 3026cfa4330..638697de62d 100644 --- a/2017/8xxx/CVE-2017-8522.json +++ b/2017/8xxx/CVE-2017-8522.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft browsers", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft browsers", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522" - }, - { - "name" : "98926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98926" - }, - { - "name" : "1038673", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522" + }, + { + "name": "98926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98926" + }, + { + "name": "1038673", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038673" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8997.json b/2017/8xxx/CVE-2017-8997.json index 78b2736e4a4..9c21290cdea 100644 --- a/2017/8xxx/CVE-2017-8997.json +++ b/2017/8xxx/CVE-2017-8997.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8997", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8997", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10121.json b/2018/10xxx/CVE-2018-10121.json index bde027f6fa6..f2dc0065dee 100644 --- a/2018/10xxx/CVE-2018-10121.json +++ b/2018/10xxx/CVE-2018-10121.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/437", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/monstra-cms/monstra/issues/437", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/437" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10242.json b/2018/10xxx/CVE-2018-10242.json index 296bcddab98..517029cc9f0 100644 --- a/2018/10xxx/CVE-2018-10242.json +++ b/2018/10xxx/CVE-2018-10242.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10242", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10242", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10884.json b/2018/10xxx/CVE-2018-10884.json index 549c608055b..8540780987d 100644 --- a/2018/10xxx/CVE-2018-10884.json +++ b/2018/10xxx/CVE-2018-10884.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-10884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ansible-tower", - "version" : { - "version_data" : [ - { - "version_value" : "3.1.8" - }, - { - "version_value" : "3.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ansible-tower", + "version": { + "version_data": [ + { + "version_value": "3.1.8" + }, + { + "version_value": "3.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884" - }, - { - "name" : "105136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105136" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10893.json b/2018/10xxx/CVE-2018-10893.json index fb7f8782c1d..e1776002813 100644 --- a/2018/10xxx/CVE-2018-10893.json +++ b/2018/10xxx/CVE-2018-10893.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "spice-client", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "spice-client", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190" - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", + "version": "3.0" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[spice-devel] 20180703 [PATCH spice-common v3] lz: Avoid buffer reading overflow checking for image type", - "refsource" : "MLIST", - "url" : "https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893" + }, + { + "name": "[spice-devel] 20180703 [PATCH spice-common v3] lz: Avoid buffer reading overflow checking for image type", + "refsource": "MLIST", + "url": "https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13099.json b/2018/13xxx/CVE-2018-13099.json index c4d273e66a5..23b497def55 100644 --- a/2018/13xxx/CVE-2018-13099.json +++ b/2018/13xxx/CVE-2018-13099.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200179", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200179" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a" - }, - { - "name" : "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/" - }, - { - "name" : "DSA-4308", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4308" - }, - { - "name" : "104680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html" + }, + { + "name": "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/" + }, + { + "name": "104680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104680" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a" + }, + { + "name": "DSA-4308", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4308" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=200179", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200179" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13122.json b/2018/13xxx/CVE-2018-13122.json index 517fad7f418..4136a129b6a 100644 --- a/2018/13xxx/CVE-2018-13122.json +++ b/2018/13xxx/CVE-2018-13122.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Self-Evident/OneFileCMS/issues/49", - "refsource" : "MISC", - "url" : "https://github.com/Self-Evident/OneFileCMS/issues/49" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Self-Evident/OneFileCMS/issues/49", + "refsource": "MISC", + "url": "https://github.com/Self-Evident/OneFileCMS/issues/49" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13153.json b/2018/13xxx/CVE-2018-13153.json index 39b079283d8..9e0a452a899 100644 --- a/2018/13xxx/CVE-2018-13153.json +++ b/2018/13xxx/CVE-2018-13153.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1195", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1195" - }, - { - "name" : "USN-3711-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3711-1/" - }, - { - "name" : "104687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104687" - }, - { - "name" : "1041219", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1195", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1195" + }, + { + "name": "1041219", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041219" + }, + { + "name": "USN-3711-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3711-1/" + }, + { + "name": "104687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104687" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17142.json b/2018/17xxx/CVE-2018-17142.json index 8aa52954c9d..ef52c15b804 100644 --- a/2018/17xxx/CVE-2018-17142.json +++ b/2018/17xxx/CVE-2018-17142.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The html package (aka x/net/html) through 2018-09-17 in Go mishandles