diff --git a/2002/1xxx/CVE-2002-1643.json b/2002/1xxx/CVE-2002-1643.json
index 25fcd051c2d..f6b32e2cf0e 100644
--- a/2002/1xxx/CVE-2002-1643.json
+++ b/2002/1xxx/CVE-2002-1643.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021220 RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/304203" - }, - { - "name" : "http://www.nextgenss.com/advisories/realhelix.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/realhelix.txt" - }, - { - "name" : "http://www.service.real.com/help/faq/security/bufferoverrun12192002.html", - "refsource" : "CONFIRM", - "url" : "http://www.service.real.com/help/faq/security/bufferoverrun12192002.html" - }, - { - "name" : "VU#974689", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/974689" - }, - { - "name" : "6454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6454" - }, - { - "name" : "6456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6456" - }, - { - "name" : "6458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6458" - }, - { - "name" : "helix-rtsp-setup-bo(10915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10915" - }, - { - "name" : "helix-rtsp-describe-bo(10916)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10916" - }, - { - "name" : "helix-http-get-bo(10917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.service.real.com/help/faq/security/bufferoverrun12192002.html", + "refsource": "CONFIRM", + "url": "http://www.service.real.com/help/faq/security/bufferoverrun12192002.html" + }, + { + "name": "helix-rtsp-describe-bo(10916)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10916" + }, + { + "name": "VU#974689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/974689" + }, + { + "name": "20021220 RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/304203" + }, + { + "name": "helix-rtsp-setup-bo(10915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10915" + }, + { + "name": "6454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6454" + }, + { + "name": "6456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6456" + }, + { + "name": "6458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6458" + }, + { + "name": "http://www.nextgenss.com/advisories/realhelix.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/realhelix.txt" + }, + { + "name": "helix-http-get-bo(10917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10917" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0056.json b/2003/0xxx/CVE-2003-0056.json index 2193e0d2f52..7a9ecf67fa7 100644 --- a/2003/0xxx/CVE-2003-0056.json +++ b/2003/0xxx/CVE-2003-0056.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104342864418213&w=2" - }, - { - "name" : "20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104348607205691&w=2" - }, - { - "name" : "http://www.usg.org.uk/advisories/2003.001.txt", - "refsource" : "MISC", - "url" : "http://www.usg.org.uk/advisories/2003.001.txt" - }, - { - "name" : "CSSA-2003-009.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt" - }, - { - "name" : "CLA-2003:643", - "refsource" : "CONECTIVA", - "url" : "http://www.net-security.org/advisory.php?id=2010" - }, - { - "name" : 
"MDKSA-2003:015", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:015" - }, - { - "name" : "DSA-252", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-252" - }, - { - "name" : "20030202 GLSA: slocate", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104428624705363&w=2" - }, - { - "name" : "RHSA-2004:041", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2004-041.html" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "oval:org.mitre.oval:def:11369", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11369" - }, - { - "name" : "7982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7982" - }, - { - "name" : "8007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8007" - }, - { - "name" : "8236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8236" - }, - { - "name" : "10720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10720" - }, - { - "name" : "7947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7947" - }, - { - "name" : "8118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8118/" - }, - { - "name" : "8749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8236" + }, + { + "name": "CLA-2003:643", + "refsource": "CONECTIVA", + "url": "http://www.net-security.org/advisory.php?id=2010" + }, + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "7982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7982" + }, + { + "name": "http://www.usg.org.uk/advisories/2003.001.txt", + "refsource": "MISC", + "url": "http://www.usg.org.uk/advisories/2003.001.txt" + }, + { + "name": "MDKSA-2003:015", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:015" + }, + { + "name": "10720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10720" + }, + { + "name": "DSA-252", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-252" + }, + { + "name": "20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104348607205691&w=2" + }, + { + "name": "20030202 GLSA: slocate", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104428624705363&w=2" + }, + { + "name": "8118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8118/" + }, + { + "name": "oval:org.mitre.oval:def:11369", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11369" + }, + { + "name": "RHSA-2004:041", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2004-041.html" + }, + { + "name": "20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)", + "refsource": "BUGTRAQ", + "url": 
"http://marc.info/?l=bugtraq&m=104342864418213&w=2" + }, + { + "name": "8749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8749" + }, + { + "name": "CSSA-2003-009.0", + "refsource": "CALDERA", + "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt" + }, + { + "name": "7947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7947" + }, + { + "name": "8007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8007" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0565.json b/2003/0xxx/CVE-2003-0565.json index c95bff7b911..86be854e594 100644 --- a/2003/0xxx/CVE-2003-0565.json +++ b/2003/0xxx/CVE-2003-0565.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm" - }, - { - "name" : "VU#927278", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/927278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected 
ASN.1 constructs, as demonstrated using the NISSC test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#927278", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/927278" + }, + { + "name": "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0728.json b/2003/0xxx/CVE-2003-0728.json index 56ec4b24126..a51c0993835 100644 --- a/2003/0xxx/CVE-2003-0728.json +++ b/2003/0xxx/CVE-2003-0728.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030813 PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106081310531567&w=2" - }, - { - "name" : "20030901 GLSA: horde (200309-02)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106252836330987&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030813 PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106081310531567&w=2" + }, + { + "name": "20030901 GLSA: horde (200309-02)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106252836330987&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0759.json b/2003/0xxx/CVE-2003-0759.json index ae10788d00e..ead56c46757 100644 --- a/2003/0xxx/CVE-2003-0759.json +++ b/2003/0xxx/CVE-2003-0759.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106389919618721&w=2" - }, - { - "name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10" - }, - { - "name" : "IY47653", - "refsource" : "AIXAPAR", - "url" : "http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/aparlib.d2w/display_apar_details?aparno=IY47653" - }, - { - "name" : 
"ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt" - }, - { - "name" : "N-154", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-154.shtml" - }, - { - "name" : "8553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8553" + }, + { + "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt" + }, + { + "name": "IY47653", + "refsource": "AIXAPAR", + "url": "http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/aparlib.d2w/display_apar_details?aparno=IY47653" + }, + { + "name": "N-154", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-154.shtml" + }, + { + "name": "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html" + }, + { + "name": "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106389919618721&w=2" + }, + { 
+ "name": "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1050.json b/2003/1xxx/CVE-2003-1050.json index 2bf1d389002..81f79c045ec 100644 --- a/2003/1xxx/CVE-2003-1050.json +++ b/2003/1xxx/CVE-2003-1050.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343804" - }, - { - "name" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", - "refsource" : "MISC", - "url" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" - }, - { - "name" : "8990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8990" - }, - { - "name" : "db2-multiple-binaries-bo(13633)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "db2-multiple-binaries-bo(13633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633" + }, + { + "name": "8990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8990" + }, + { + "name": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt", + "refsource": "MISC", + "url": "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt" + }, + { + "name": "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343804" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1418.json b/2003/1xxx/CVE-2003-1418.json index 3c04bd16ad9..28011b42cc5 100644 --- a/2003/1xxx/CVE-2003-1418.json +++ b/2003/1xxx/CVE-2003-1418.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "[3.2] 008: SECURITY FIX: February 25, 2003", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata32.html" - }, - { - "name" : "6939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6939" - }, - { - "name" : "6943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6943" - }, - { - "name" : "apache-mime-information-disclosure(11438)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/11438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "[3.2] 008: SECURITY FIX: February 25, 2003", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata32.html" + }, + { + "name": "6939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6939" + }, + { + "name": "6943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6943" + }, + { + "name": "apache-mime-information-disclosure(11438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11438" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1594.json b/2003/1xxx/CVE-2003-1594.json index 4262d9e0084..0e2449f3a9a 100644 --- a/2003/1xxx/CVE-2003-1594.json +++ b/2003/1xxx/CVE-2003-1594.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0167.json b/2004/0xxx/CVE-2004-0167.json index 7dacbb4f3eb..e62bda618da 100644 --- a/2004/0xxx/CVE-2004-0167.json +++ b/2004/0xxx/CVE-2004-0167.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-02-23", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" - }, - { - "name" : "VU#578886", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/578886" - }, - { - "name" : "9731", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9731" - }, - { - "name" : "6824", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6824" - }, - { - "name" : "10959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10959" - }, - { - "name" : "macos-diskarbitration-unknown(15300)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10959" + }, + { + "name": "APPLE-SA-2004-02-23", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" + }, + { + "name": "9731", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9731" + }, + { + "name": "VU#578886", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/578886" + }, + { + "name": "6824", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6824" + }, + { + "name": "macos-diskarbitration-unknown(15300)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15300" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0333.json b/2004/0xxx/CVE-2004-0333.json index 62be601a7a5..5cca4118f19 100644 --- a/2004/0xxx/CVE-2004-0333.json +++ b/2004/0xxx/CVE-2004-0333.json 
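Review bot: The `reference_data` array on the new side of this hunk holds the same six entries as before but in a different order (SECUNIA `10959` now comes first, `APPLE-SA-2004-02-23` second), so a commit that otherwise only rewrites `" : "` as `": "` and changes the indentation looks like a content change to anyone diffing records to spot updated advisories. The same reshuffle is visible in the hunks for CVE-2004-0333, CVE-2004-0768, CVE-2004-2020, CVE-2004-2175, CVE-2008-2598, CVE-2008-2743, CVE-2008-2747 and CVE-2008-2904, and the CVE-2008-2373 hunk reorders its top-level keys instead. If the order carries no meaning, the serializer should presumably emit entries in a stable order (keeping the previous one, or sorting by `refsource` then `name`) so that formatting-only commits stay formatting-only. The new side also ends with `\ No newline at end of file`; keeping the trailing newline would avoid that marker in every file touched.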
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040227 WinZip MIME Parsing Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true" - }, - { - "name" : "http://www.winzip.com/fmwz90.htm", - "refsource" : "CONFIRM", - "url" : "http://www.winzip.com/fmwz90.htm" - }, - { - "name" : "http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html", - "refsource" : "CONFIRM", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html" - }, - { - "name" : "VU#116182", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/116182" - }, - { - "name" : "O-092", - "refsource" : "CIAC", - "url" : 
"http://www.ciac.org/ciac/bulletins/o-092.shtml" - }, - { - "name" : "9758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9758" - }, - { - "name" : "4119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4119" - }, - { - "name" : "10995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10995" - }, - { - "name" : "11019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11019" - }, - { - "name" : "uudeview-multiple-bo(15490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15490" - }, - { - "name" : "winzip-mime-bo(15336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "uudeview-multiple-bo(15490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15490" + }, + { + "name": "4119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4119" + }, + { + "name": "9758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9758" + }, + { + "name": "10995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10995" + }, + { + "name": "O-092", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-092.shtml" + }, + { + "name": "http://www.winzip.com/fmwz90.htm", + "refsource": "CONFIRM", + "url": "http://www.winzip.com/fmwz90.htm" + }, + { + "name": "VU#116182", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/116182" + }, + { + "name": "http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html", + "refsource": "CONFIRM", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html" + }, + { + "name": "winzip-mime-bo(15336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15336" + }, + { + "name": "20040227 WinZip MIME Parsing Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true" + }, + { + "name": "11019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11019" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0440.json b/2004/0xxx/CVE-2004-0440.json index b467eeb6abe..22b8fdb8234 100644 --- a/2004/0xxx/CVE-2004-0440.json +++ b/2004/0xxx/CVE-2004-0440.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0440", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0440", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0768.json b/2004/0xxx/CVE-2004-0768.json index f87297d074b..2a6b934d84d 100644 --- a/2004/0xxx/CVE-2004-0768.json +++ b/2004/0xxx/CVE-2004-0768.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-536", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-536" - }, - { - "name" : "FLSA:1943", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1943" - }, - { - "name" : "GLSA-200812-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-15.xml" - }, - { - "name" : "33137", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33137" - }, - { - "name" : "libpng-offset-bo(16914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FLSA:1943", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943" + }, + { + "name": "DSA-536", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-536" + }, + { + "name": "GLSA-200812-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-15.xml" + }, + { + "name": "libpng-offset-bo(16914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16914" + }, + { + "name": "33137", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33137" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2020.json b/2004/2xxx/CVE-2004-2020.json index ddac8389ff8..c3b1737f699 100644 --- a/2004/2xxx/CVE-2004-2020.json +++ b/2004/2xxx/CVE-2004-2020.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108482957715299&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=29", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=29" - }, - { - "name" : "10367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10367" - }, - { - "name" : "6225", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/6225" - }, - { - "name" : "6226", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6226" - }, - { - "name" : "11625", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11625" - }, - { - "name" : "phpnuke-multi-xss(16172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=29", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=29" + }, + { + "name": "6226", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6226" + }, + { + "name": "10367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10367" + }, + { + "name": "20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108482957715299&w=2" + }, + { + "name": "6225", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6225" + }, + { + "name": "phpnuke-multi-xss(16172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16172" + }, + { + "name": "11625", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/11625" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2175.json b/2004/2xxx/CVE-2004-2175.json index 607495cfee9..5ab036f4877 100644 --- a/2004/2xxx/CVE-2004-2175.json +++ b/2004/2xxx/CVE-2004-2175.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040204 ZH2004-04SA (security advisory): Multiple Sql Injection Vulnerabilities in ReviewPost PHP Pro", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/352598" - }, - { - "name" : "http://www.zone-h.org/en/advisories/read/id=3864/", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/en/advisories/read/id=3864/" - }, - { - "name" : "9574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9574" - }, - { - "name" : "10786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10786/" - }, - { - "name" : "reviewpostpro-showproduct-sql-injection(15035)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15035" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9574" + }, + { + "name": "reviewpostpro-showproduct-sql-injection(15035)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15035" + }, + { + "name": "10786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10786/" + }, + { + "name": "http://www.zone-h.org/en/advisories/read/id=3864/", + "refsource": "MISC", + "url": "http://www.zone-h.org/en/advisories/read/id=3864/" + }, + { + "name": "20040204 ZH2004-04SA (security advisory): Multiple Sql Injection Vulnerabilities in ReviewPost PHP Pro", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/352598" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2373.json b/2008/2xxx/CVE-2008-2373.json index ecd58dba459..c5364939e6e 100644 --- a/2008/2xxx/CVE-2008-2373.json +++ b/2008/2xxx/CVE-2008-2373.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2373", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2863. Reason: This candidate is a reservation duplicate of CVE-2008-2863. Notes: All CVE users should reference CVE-2008-2863 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-2373", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2863. Reason: This candidate is a reservation duplicate of CVE-2008-2863. Notes: All CVE users should reference CVE-2008-2863 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2598.json b/2008/2xxx/CVE-2008-2598.json index 811a126e808..b34341178c7 100644 --- a/2008/2xxx/CVE-2008-2598.json +++ b/2008/2xxx/CVE-2008-2598.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2599." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020493" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2597 and CVE-2008-2599." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + }, + { + "name": "1020493", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1020493" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2743.json b/2008/2xxx/CVE-2008-2743.json index 851d2d0c822..22e83bd42e8 100644 --- a/2008/2xxx/CVE-2008-2743.json +++ b/2008/2xxx/CVE-2008-2743.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_007.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_007.pdf" - }, - { - "name" : "29690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29690" - }, - { - "name" : "ADV-2008-1829", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1829/references" - }, - { - "name" : "1020282", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020282" - }, - { - "name" : "30639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30639" - }, - { - "name" : "xerox-copierprinter-webserver-xss(43058)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/43058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1829", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1829/references" + }, + { + "name": "xerox-copierprinter-webserver-xss(43058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43058" + }, + { + "name": "29690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29690" + }, + { + "name": "1020282", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020282" + }, + { + "name": "30639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30639" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_007.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_007.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2747.json b/2008/2xxx/CVE-2008-2747.json index a4117dbc89d..c7a31dce130 100644 --- a/2008/2xxx/CVE-2008-2747.json +++ b/2008/2xxx/CVE-2008-2747.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\\SOFTWARE\\Vitalwerks\\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080616 DUC NO-IP Local Password Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493367/100/0/threaded" - }, - { - "name" : "29758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29758" - }, - { - "name" : "30714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30714" - }, - { - "name" : "3952", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3952" - }, - { - "name" : "noipduc-duc-info-disclosure(43298)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/43298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\\SOFTWARE\\Vitalwerks\\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Username, (3) Password, and (4) Hosts registry values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29758" + }, + { + "name": "30714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30714" + }, + { + "name": "3952", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3952" + }, + { + "name": "20080616 DUC NO-IP Local Password Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493367/100/0/threaded" + }, + { + "name": "noipduc-duc-info-disclosure(43298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43298" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2904.json b/2008/2xxx/CVE-2008-2904.json index d5205555733..ce2cf56e4d5 100644 --- a/2008/2xxx/CVE-2008-2904.json +++ b/2008/2xxx/CVE-2008-2904.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5812", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5812" - }, - { - "name" : "29726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29726" - }, - { - "name" : "30679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30679" - }, - { - "name" : "phpmycart-shop-sql-injection(43084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5812", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5812" + }, + { + "name": "phpmycart-shop-sql-injection(43084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43084" + }, + { + "name": "29726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29726" + }, + { + "name": "30679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30679" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0411.json b/2012/0xxx/CVE-2012-0411.json index cd6021eb55d..f64ccc5a790 100644 --- a/2012/0xxx/CVE-2012-0411.json +++ b/2012/0xxx/CVE-2012-0411.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7008708", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7008708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7008708", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7008708" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0773.json b/2012/0xxx/CVE-2012-0773.json index b7a96996c61..91546a094d5 100644 --- a/2012/0xxx/CVE-2012-0773.json +++ b/2012/0xxx/CVE-2012-0773.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-07.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-07.html" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "SUSE-SU-2012:0437", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00018.html" - }, - { - "name" : "openSUSE-SU-2012:0427", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00017.html" - }, - { - "name" : "oval:org.mitre.oval:def:15391", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15391" - }, - { - "name" : "oval:org.mitre.oval:def:16157", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16157" - }, - { - "name" : "1026859", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026859" - }, - { - "name" : "48618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48618" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - }, - { - "name" : "48652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48652" + }, + { + "name": "openSUSE-SU-2012:0427", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00017.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-07.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-07.html" + }, + { + "name": "48618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48618" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "SUSE-SU-2012:0437", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00018.html" + }, + { + "name": "oval:org.mitre.oval:def:15391", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15391" + }, + { + "name": "oval:org.mitre.oval:def:16157", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16157" + }, + { + "name": "1026859", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026859" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1462.json b/2012/1xxx/CVE-2012-1462.json index c764d49f452..46deeed86b6 100644 
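Review bot: The `ASSIGNER` value for CVE-2012-0773 changes from `cve@mitre.org` to `psirt@adobe.com`, but the change sits inside a whole-file whitespace rewrite and a reshuffle of `reference_data`, so the one field that alters the record's attribution is easy to miss in review. The same pattern appears in the hunks for CVE-2012-1598 and CVE-2012-1612 (`secalert@redhat.com`), CVE-2012-1855 (`secure@microsoft.com`), CVE-2012-5185 (`vultures@jpcert.or.jp`) and CVE-2012-5203 (`hp-security-alert@hp.com`). The commit description is not visible here, so it may already explain this. If it does not, separating the formatting pass from the assigner updates, or listing the changed assigners in the commit message, would let consumers of the feed audit the attribution changes on their own.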
--- a/2012/1xxx/CVE-2012-1462.json +++ b/2012/1xxx/CVE-2012-1462.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52613" - }, - { - "name" : "multiple-av-zip-file-evasion(74310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "multiple-av-zip-file-evasion(74310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74310" + }, + { + "name": "52613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52613" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1598.json b/2012/1xxx/CVE-2012-1598.json index 8c55bd56738..44a7d9950e6 100644 --- a/2012/1xxx/CVE-2012-1598.json +++ b/2012/1xxx/CVE-2012-1598.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to \"insufficient randomness\" and a \"password reset vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120328 Re: CVE-request: Joomla 20120305 / 20120306", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/29/5" - }, - { - "name" : "[oss-security] 20120827 Re: CVE request: joomla before 1.5.26 password change", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/27/6" - }, - { - "name" : "http://developer.joomla.org/security/news/396-20120305-core-password-change.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/396-20120305-core-password-change.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 
1.5.x before 1.5.26 has unspecified impact and attack vectors related to \"insufficient randomness\" and a \"password reset vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120827 Re: CVE request: joomla before 1.5.26 password change", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/27/6" + }, + { + "name": "[oss-security] 20120328 Re: CVE-request: Joomla 20120305 / 20120306", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/29/5" + }, + { + "name": "http://developer.joomla.org/security/news/396-20120305-core-password-change.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/396-20120305-core-password-change.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1612.json b/2012/1xxx/CVE-2012-1612.json index 1edafc90d0b..845fd208b72 100644 --- a/2012/1xxx/CVE-2012-1612.json +++ b/2012/1xxx/CVE-2012-1612.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120403 CVE-request: Joomla 2012-04 398-20120307 399-20120308", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/03/3" - }, - { - "name" : "[oss-security] 20120403 Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/03/5" - }, - { - "name" : "http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html" - }, - { - "name" : "52859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52859" - }, - { - "name" : "80880", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80880" - }, - { - "name" : "48683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120403 Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/03/5" + }, + { + "name": "52859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52859" + }, + { + "name": "80880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80880" + }, + { + "name": "http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html" + }, + { + "name": "[oss-security] 20120403 CVE-request: Joomla 2012-04 398-20120307 399-20120308", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/03/3" + }, + { + "name": "48683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48683" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1855.json b/2012/1xxx/CVE-2012-1855.json index a4ca7ca9e8e..0753c06fd5e 100644 --- a/2012/1xxx/CVE-2012-1855.json +++ b/2012/1xxx/CVE-2012-1855.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \".NET Framework Memory Access Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-038", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-038" - }, - { - "name" : "TA12-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14717", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft 
.NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \".NET Framework Memory Access Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" + }, + { + "name": "oval:org.mitre.oval:def:14717", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14717" + }, + { + "name": "MS12-038", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-038" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5185.json b/2012/5xxx/CVE-2012-5185.json index 72fb0e3f1f2..577d7b02ccd 100644 --- a/2012/5xxx/CVE-2012-5185.json +++ b/2012/5xxx/CVE-2012-5185.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-5185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://itunes.apple.com/us/app/documents-pro/id374142847", - "refsource" : "MISC", - "url" : "https://itunes.apple.com/us/app/documents-pro/id374142847" - }, - { - "name" : "JVN#52197991", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN52197991/index.html" - }, - { - "name" : "JVNDB-2013-000002", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read 
or delete files by leveraging guest access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://itunes.apple.com/us/app/documents-pro/id374142847", + "refsource": "MISC", + "url": "https://itunes.apple.com/us/app/documents-pro/id374142847" + }, + { + "name": "JVNDB-2013-000002", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000002" + }, + { + "name": "JVN#52197991", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN52197991/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5203.json b/2012/5xxx/CVE-2012-5203.json index 4e4df2f1e3f..afd59002632 100644 --- a/2012/5xxx/CVE-2012-5203.json +++ b/2012/5xxx/CVE-2012-5203.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1613." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-5203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBGN02854", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" - }, - { - "name" : "SSRT101015", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" - }, - { - "name" : "SSRT100881", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136268852804156&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP 
Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1613." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100881", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136268852804156&w=2" + }, + { + "name": "HPSBGN02854", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" + }, + { + "name": "SSRT101015", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11329.json b/2017/11xxx/CVE-2017-11329.json index 5e9e0b36aee..8fcde1f29c0 100644 --- a/2017/11xxx/CVE-2017-11329.json +++ b/2017/11xxx/CVE-2017-11329.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/glpi-project/glpi/issues/2456", - "refsource" : "CONFIRM", - "url" : "https://github.com/glpi-project/glpi/issues/2456" - }, - { - "name" : "https://github.com/glpi-project/glpi/releases/tag/9.1.5", - "refsource" : "CONFIRM", - "url" : "https://github.com/glpi-project/glpi/releases/tag/9.1.5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/glpi-project/glpi/issues/2456", + "refsource": "CONFIRM", + "url": "https://github.com/glpi-project/glpi/issues/2456" + }, + { + "name": "https://github.com/glpi-project/glpi/releases/tag/9.1.5", + "refsource": "CONFIRM", + "url": "https://github.com/glpi-project/glpi/releases/tag/9.1.5" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11764.json b/2017/11xxx/CVE-2017-11764.json index cc7a0c835a2..e03a81a3dba 100644 --- a/2017/11xxx/CVE-2017-11764.json +++ b/2017/11xxx/CVE-2017-11764.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-11764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-11764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1607, 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42765", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42765/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764" - }, - { - "name" : "100726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100726" - }, - { - "name" : "1039342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42765", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42765/" + }, + { + "name": "1039342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039342" + }, + { + "name": "100726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100726" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11764" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3689.json b/2017/3xxx/CVE-2017-3689.json index 8ff629880a9..f5b3d75230b 100644 --- a/2017/3xxx/CVE-2017-3689.json +++ b/2017/3xxx/CVE-2017-3689.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3689", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3689", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3748.json b/2017/3xxx/CVE-2017-3748.json index 728571cc2da..25c4c9ad408 100644 --- a/2017/3xxx/CVE-2017-3748.json +++ b/2017/3xxx/CVE-2017-3748.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2017-06-22T00:00:00", - "ID" : "CVE-2017-3748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lenovo Vibe and Lenovo China-only Moto Mobile Phones", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or \"jail breaking\" a device)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2017-06-22T00:00:00", + "ID": "CVE-2017-3748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lenovo Vibe and Lenovo China-only Moto Mobile Phones", + "version": { + "version_data": [ + { + "version_value": "Earlier than 6.0" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-15823", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-15823" - }, - { - "name" : "99295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or \"jail breaking\" a device)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99295" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-15823", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-15823" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3808.json b/2017/3xxx/CVE-2017-3808.json index 423df90a02a..207f97c9b0d 100644 --- a/2017/3xxx/CVE-2017-3808.json +++ b/2017/3xxx/CVE-2017-3808.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm" - }, - { - "name" : "97922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97922" - }, - { - "name" : "1038318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpectedly. The device and services will restart automatically. 
This vulnerability affects Cisco Unified Communications Manager (CallManager) releases prior to the first fixed release; the following list indicates the first minor release that includes the fix for this vulnerability: 10.5.2.14900-16 11.0.1.23900-5 11.5.1.12900-2. Cisco Bug IDs: CSCuz72455." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038318" + }, + { + "name": "97922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97922" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3954.json b/2017/3xxx/CVE-2017-3954.json index bed9da7dbd1..7bff64d079f 100644 --- a/2017/3xxx/CVE-2017-3954.json +++ b/2017/3xxx/CVE-2017-3954.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3954", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3954", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6660.json b/2017/6xxx/CVE-2017-6660.json index bdff562f1be..c5bc660f34d 100644 --- a/2017/6xxx/CVE-2017-6660.json +++ b/2017/6xxx/CVE-2017-6660.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6660", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6660", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7820.json b/2017/7xxx/CVE-2017-7820.json index 3fa03d4c223..d90d449740a 100644 --- a/2017/7xxx/CVE-2017-7820.json +++ b/2017/7xxx/CVE-2017-7820.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "56" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"instanceof\" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Xray wrapper bypass with new tab and web console" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "56" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1378207", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1378207" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" - }, - { - "name" : "101057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101057" - }, - { - "name" : "1039465", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1039465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"instanceof\" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Xray wrapper bypass with new tab and web console" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039465" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1378207", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1378207" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" + }, + { + "name": "101057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101057" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7832.json b/2017/7xxx/CVE-2017-7832.json index 6a7adff6561..3c0051a9a2c 100644 --- a/2017/7xxx/CVE-2017-7832.json +++ b/2017/7xxx/CVE-2017-7832.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "57" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Domain spoofing through use of dotless 'i' character followed by accent markers" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "57" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1408782", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1408782" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/" - }, - { - "name" : "101832", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101832" - }, - { - "name" : "1039803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Domain spoofing through use of dotless 'i' character followed by accent markers" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-24/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" + }, + { + "name": "101832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101832" + }, + { + "name": "1039803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039803" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408782", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408782" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8060.json b/2017/8xxx/CVE-2017-8060.json index dfc66a68eff..9307c8e191a 100644 --- a/2017/8xxx/CVE-2017-8060.json +++ b/2017/8xxx/CVE-2017-8060.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Acceptance of invalid/self-signed TLS certificates in \"Panda Mobile Security\" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - }, - { - "name" : "98327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Acceptance of invalid/self-signed TLS certificates in \"Panda Mobile Security\" 1.1 for iOS allows a 
man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98327" + }, + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8090.json b/2017/8xxx/CVE-2017-8090.json index 46b8a775176..b9ddd2f0970 100644 --- a/2017/8xxx/CVE-2017-8090.json +++ b/2017/8xxx/CVE-2017-8090.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8090", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8090", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8515.json b/2017/8xxx/CVE-2017-8515.json index d2e02e0b024..1951027fa14 100644 --- a/2017/8xxx/CVE-2017-8515.json +++ b/2017/8xxx/CVE-2017-8515.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka \"Windows VAD Cloning Denial of Service Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8515", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8515" - }, - { - "name" : "98833", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka \"Windows VAD Cloning Denial of Service Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98833", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98833" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8515", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8515" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10726.json b/2018/10xxx/CVE-2018-10726.json index be6c71288f7..9b1c7590d75 100644 --- a/2018/10xxx/CVE-2018-10726.json +++ b/2018/10xxx/CVE-2018-10726.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10726",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an \"Edit page\" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10726",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/datenstrom/yellow/issues/321",
- "refsource" : "MISC",
- "url" : "https://github.com/datenstrom/yellow/issues/321"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** DISPUTED ** A stored XSS vulnerability was found in Datenstrom Yellow 0.7.3 via an \"Edit page\" action. NOTE: the vendor disputes the relevance of this report because an installation accessible to untrusted users is supposed to have parserSafeMode=1 in system/config/config.ini to prevent XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/datenstrom/yellow/issues/321",
+ "refsource": "MISC",
+ "url": "https://github.com/datenstrom/yellow/issues/321"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10731.json b/2018/10xxx/CVE-2018-10731.json
index f6eb2ac0ab3..bf38a157bbd 100644
--- a/2018/10xxx/CVE-2018-10731.json
+++ b/2018/10xxx/CVE-2018-10731.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02" - }, - { - "name" : "https://cert.vde.com/de-de/advisories/vde-2018-007", - "refsource" : "CONFIRM", - "url" : "https://cert.vde.com/de-de/advisories/vde-2018-007" - }, - { - "name" : "104231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer 
overflows when handling very large cookies (a different vulnerability than CVE-2018-10728)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-02" + }, + { + "name": "https://cert.vde.com/de-de/advisories/vde-2018-007", + "refsource": "CONFIRM", + "url": "https://cert.vde.com/de-de/advisories/vde-2018-007" + }, + { + "name": "104231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104231" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10959.json b/2018/10xxx/CVE-2018-10959.json index 8ebd15d0a58..df7af398f99 100644 --- a/2018/10xxx/CVE-2018-10959.json +++ b/2018/10xxx/CVE-2018-10959.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10959", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10959", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/12xxx/CVE-2018-12416.json b/2018/12xxx/CVE-2018-12416.json
index 1c6a86e7013..ff4234014d1 100644
--- a/2018/12xxx/CVE-2018-12416.json
+++ b/2018/12xxx/CVE-2018-12416.json
@@ -1,123 +1,123 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security@tibco.com",
- "DATE_PUBLIC" : "2018-11-13T17:00:00.000Z",
- "ID" : "CVE-2018-12416",
- "STATE" : "PUBLIC",
- "TITLE" : "TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "TIBCO DataSynapse GridServer Manager",
- "version" : {
- "version_data" : [
- {
- "affected" : "<=",
- "version_value" : "5.2.0"
- },
- {
- "affected" : "=",
- "version_value" : "6.0.0"
- },
- {
- "affected" : "=",
- "version_value" : "6.0.1"
- },
- {
- "affected" : "=",
- "version_value" : "6.0.2"
- },
- {
- "affected" : "=",
- "version_value" : "6.1.0"
- },
- {
- "affected" : "=",
- "version_value" : "6.1.1"
- },
- {
- "affected" : "=",
- "version_value" : "6.2.0"
- },
- {
- "affected" : "=",
- "version_value" : "6.3.0"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "TIBCO Software Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "attackComplexity" : "HIGH",
- "attackVector" : "NETWORK",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.1,
- "baseSeverity" : "HIGH",
- "confidentialityImpact" : "LOW",
- "integrityImpact" : "HIGH",
- "privilegesRequired" : "NONE",
- "scope" : "UNCHANGED",
- "userInteraction" : "REQUIRED",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected components."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@tibco.com",
+ "DATE_PUBLIC": "2018-11-13T17:00:00.000Z",
+ "ID": "CVE-2018-12416",
+ "STATE": "PUBLIC",
+ "TITLE": "TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TIBCO DataSynapse GridServer Manager",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<=",
+ "version_value": "5.2.0"
+ },
+ {
+ "affected": "=",
+ "version_value": "6.0.0"
+ },
+ {
+ "affected": "=",
+ "version_value": "6.0.1"
+ },
+ {
+ "affected": "=",
+ "version_value": "6.0.2"
+ },
+ {
+ "affected": "=",
+ "version_value": "6.1.0"
+ },
+ {
+ "affected": "=",
+ "version_value": "6.1.1"
+ },
+ {
+ "affected": "=",
+ "version_value": "6.2.0"
+ },
+ {
+ "affected": "=",
+ "version_value": "6.3.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "TIBCO Software Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager",
- "refsource" : "CONFIRM",
- "url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager"
- },
- {
- "name" : "105913",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105913"
- }
- ]
- },
- "solution" : [
- {
- "lang" : "eng",
- "value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.2.0 and below update to version 5.2.1 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0 update to version 6.3.1 or higher\n\n"
- }
- ],
- "source" : {
- "discovery" : "UNKNOWN"
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "The impact of this vulnerability includes the theoretical possibility that a malicious actor could gain full access to the web interface of the affected components."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105913",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105913"
+ },
+ {
+ "name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager",
+ "refsource": "CONFIRM",
+ "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO DataSynapse GridServer Manager versions 5.2.0 and below update to version 5.2.1 or higher\nTIBCO DataSynapse GridServer Manager versions 6.0.x, 6.1.x, 6.2.x, and 6.3.0 update to version 6.3.1 or higher\n\n"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13368.json b/2018/13xxx/CVE-2018-13368.json
index 53712ee4d10..d75c469cd2d 100644
--- a/2018/13xxx/CVE-2018-13368.json
+++ b/2018/13xxx/CVE-2018-13368.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13368",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13368",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13421.json b/2018/13xxx/CVE-2018-13421.json
index eb28da065bb..6168b56863b 100644
--- a/2018/13xxx/CVE-2018-13421.json
+++ b/2018/13xxx/CVE-2018-13421.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13421",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13421",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67",
- "refsource" : "MISC",
- "url" : "https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67",
+ "refsource": "MISC",
+ "url": "https://github.com/ben-strasser/fast-cpp-csv-parser/issues/67"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13522.json b/2018/13xxx/CVE-2018-13522.json
index 8487fbe7686..f3a1ce40615 100644
--- a/2018/13xxx/CVE-2018-13522.json
+++ b/2018/13xxx/CVE-2018-13522.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EXGROUP", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EXGROUP" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for EXGROUP, an Ethereum token, has an integer 
overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EXGROUP", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EXGROUP" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13872.json b/2018/13xxx/CVE-2018-13872.json index a290330a8f3..0b78fd8b306 100644 --- a/2018/13xxx/CVE-2018-13872.json +++ b/2018/13xxx/CVE-2018-13872.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13872",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13872",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5",
- "refsource" : "MISC",
- "url" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5",
+ "refsource": "MISC",
+ "url": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17092.json b/2018/17xxx/CVE-2018-17092.json
index d1254f4b7bd..4757421e61e 100644
--- a/2018/17xxx/CVE-2018-17092.json
+++ b/2018/17xxx/CVE-2018-17092.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17092",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17092",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.safecomp.com/blog/donlinkage.html",
- "refsource" : "MISC",
- "url" : "http://www.safecomp.com/blog/donlinkage.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.safecomp.com/blog/donlinkage.html",
+ "refsource": "MISC",
+ "url": "http://www.safecomp.com/blog/donlinkage.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17135.json b/2018/17xxx/CVE-2018-17135.json
index b1a0bf96d0a..453d54ad660 100644
--- a/2018/17xxx/CVE-2018-17135.json
+++ b/2018/17xxx/CVE-2018-17135.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17135",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17135",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17663.json b/2018/17xxx/CVE-2018-17663.json
index 8027a956d78..c7dd272050b 100644
--- a/2018/17xxx/CVE-2018-17663.json
+++ b/2018/17xxx/CVE-2018-17663.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-17663",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.2.0.9297"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6517."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-416: Use After Free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-17663",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.2.0.9297"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1184/",
- "refsource" : "MISC",
- "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1184/"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the importData method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6517."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1184/",
+ "refsource": "MISC",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1184/"
+ },
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17975.json b/2018/17xxx/CVE-2018-17975.json
index e57de21344b..6ff420be734 100644
--- a/2018/17xxx/CVE-2018-17975.json
+++ b/2018/17xxx/CVE-2018-17975.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17975",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17975",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/",
- "refsource" : "CONFIRM",
- "url" : "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/"
- },
- {
- "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/50744",
- "refsource" : "CONFIRM",
- "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/50744"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/50744",
+ "refsource": "CONFIRM",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/50744"
+ },
+ {
+ "name": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/",
+ "refsource": "CONFIRM",
+ "url": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9429.json b/2018/9xxx/CVE-2018-9429.json
index 15872ec46f6..92e4978ed1b 100644
--- a/2018/9xxx/CVE-2018-9429.json
+++ b/2018/9xxx/CVE-2018-9429.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9429",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9429",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9821.json b/2018/9xxx/CVE-2018-9821.json
index e575113181b..4293b9573cd 100644
--- a/2018/9xxx/CVE-2018-9821.json
+++ b/2018/9xxx/CVE-2018-9821.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9821",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9821",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9996.json b/2018/9xxx/CVE-2018-9996.json
index 279d18803a5..89df8f5998f 100644
--- a/2018/9xxx/CVE-2018-9996.json
+++ b/2018/9xxx/CVE-2018-9996.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9996",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9996",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304",
- "refsource" : "MISC",
- "url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304"
- },
- {
- "name" : "103733",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/103733"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304",
+ "refsource": "MISC",
+ "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304"
+ },
+ {
+ "name": "103733",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/103733"
+ }
+ ]
+ }
+}
\ No newline at end of file