From adeccae3c145c328401585220dedf95ef13a24c1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:45:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0652.json | 140 +++++++++--------- 2002/0xxx/CVE-2002-0759.json | 150 ++++++++++---------- 2002/0xxx/CVE-2002-0797.json | 170 +++++++++++----------- 2002/0xxx/CVE-2002-0988.json | 140 +++++++++--------- 2002/1xxx/CVE-2002-1076.json | 180 ++++++++++++------------ 2002/1xxx/CVE-2002-1270.json | 140 +++++++++--------- 2002/1xxx/CVE-2002-1684.json | 140 +++++++++--------- 2002/1xxx/CVE-2002-1950.json | 140 +++++++++--------- 2003/0xxx/CVE-2003-0145.json | 180 ++++++++++++------------ 2003/0xxx/CVE-2003-0159.json | 180 ++++++++++++------------ 2003/0xxx/CVE-2003-0247.json | 230 +++++++++++++++--------------- 2003/0xxx/CVE-2003-0701.json | 150 ++++++++++---------- 2003/1xxx/CVE-2003-1566.json | 160 ++++++++++----------- 2012/0xxx/CVE-2012-0662.json | 150 ++++++++++---------- 2012/0xxx/CVE-2012-0673.json | 34 ++--- 2012/0xxx/CVE-2012-0900.json | 160 ++++++++++----------- 2012/1xxx/CVE-2012-1037.json | 160 ++++++++++----------- 2012/1xxx/CVE-2012-1050.json | 180 ++++++++++++------------ 2012/1xxx/CVE-2012-1185.json | 250 ++++++++++++++++----------------- 2012/1xxx/CVE-2012-1231.json | 34 ++--- 2012/1xxx/CVE-2012-1896.json | 170 +++++++++++----------- 2012/3xxx/CVE-2012-3973.json | 210 +++++++++++++-------------- 2012/4xxx/CVE-2012-4054.json | 150 ++++++++++---------- 2012/4xxx/CVE-2012-4092.json | 130 ++++++++--------- 2012/4xxx/CVE-2012-4237.json | 180 ++++++++++++------------ 2012/4xxx/CVE-2012-4385.json | 34 ++--- 2012/4xxx/CVE-2012-4785.json | 34 ++--- 2012/4xxx/CVE-2012-4927.json | 190 ++++++++++++------------- 2012/5xxx/CVE-2012-5165.json | 34 ++--- 2012/5xxx/CVE-2012-5181.json | 140 +++++++++--------- 2017/2xxx/CVE-2017-2151.json | 130 ++++++++--------- 2017/2xxx/CVE-2017-2823.json | 120 ++++++++-------- 2017/3xxx/CVE-2017-3299.json | 146 +++++++++---------- 2017/3xxx/CVE-2017-3783.json | 34 ++--- 2017/3xxx/CVE-2017-3901.json | 34 ++--- 2017/6xxx/CVE-2017-6121.json | 34 ++--- 2017/6xxx/CVE-2017-6145.json | 128 ++++++++--------- 2017/6xxx/CVE-2017-6349.json | 170 +++++++++++----------- 2017/6xxx/CVE-2017-6747.json | 130 ++++++++--------- 2017/7xxx/CVE-2017-7163.json | 120 ++++++++-------- 2017/7xxx/CVE-2017-7426.json | 178 +++++++++++------------ 2017/7xxx/CVE-2017-7768.json | 184 ++++++++++++------------ 2017/7xxx/CVE-2017-7842.json | 152 ++++++++++---------- 2018/10xxx/CVE-2018-10017.json | 140 +++++++++--------- 2018/10xxx/CVE-2018-10227.json | 120 ++++++++-------- 2018/10xxx/CVE-2018-10279.json | 34 ++--- 2018/10xxx/CVE-2018-10284.json | 120 ++++++++-------- 2018/10xxx/CVE-2018-10454.json | 34 ++--- 2018/14xxx/CVE-2018-14117.json | 34 ++--- 2018/17xxx/CVE-2018-17517.json | 34 ++--- 2018/17xxx/CVE-2018-17961.json | 220 ++++++++++++++--------------- 2018/20xxx/CVE-2018-20022.json | 150 ++++++++++---------- 2018/20xxx/CVE-2018-20309.json | 34 ++--- 2018/20xxx/CVE-2018-20334.json | 34 ++--- 2018/20xxx/CVE-2018-20551.json | 140 +++++++++--------- 2018/9xxx/CVE-2018-9059.json | 140 +++++++++--------- 2018/9xxx/CVE-2018-9835.json | 34 ++--- 57 files changed, 3584 insertions(+), 3584 deletions(-) diff --git a/2002/0xxx/CVE-2002-0652.json b/2002/0xxx/CVE-2002-0652.json index 02f6361ae17..472f71fa807 100644 --- a/2002/0xxx/CVE-2002-0652.json +++ b/2002/0xxx/CVE-2002-0652.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102459162909825&w=2" - }, - { - "name" : "20020605-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I" - }, - { - "name" : "20020606-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020606-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I" + }, + { + "name": "20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102459162909825&w=2" + }, + { + "name": "20020605-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0759.json b/2002/0xxx/CVE-2002-0759.json index 86d01b32198..a39eb397abd 100644 --- a/2002/0xxx/CVE-2002-0759.json +++ b/2002/0xxx/CVE-2002-0759.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-02:25", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc" - }, - { - "name" : "CSSA-2002-039.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt" - }, - { - "name" : "bzip2-decompression-file-overwrite(9126)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9126.php" - }, - { - "name" : "4774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2002-039.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt" + }, + { + "name": "bzip2-decompression-file-overwrite(9126)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9126.php" + }, + { + "name": "4774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4774" + }, + { + "name": "FreeBSD-SA-02:25", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0797.json b/2002/0xxx/CVE-2002-0797.json index 9f085e2b496..2c838b036ad 100644 --- a/2002/0xxx/CVE-2002-0797.json +++ b/2002/0xxx/CVE-2002-0797.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102321107714554&w=2" - }, - { - "name" : "00219", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219" - }, - { - "name" : "solaris-mibiisa-bo(9242)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9242.php" - }, - { - "name" : "4933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4933" - }, - { - "name" : "oval:org.mitre.oval:def:62", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A62" - }, - { - "name" : "oval:org.mitre.oval:def:94", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A94" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4933" + }, + { + "name": "20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102321107714554&w=2" + }, + { + "name": "solaris-mibiisa-bo(9242)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9242.php" + }, + { + "name": "00219", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219" + }, + { + "name": "oval:org.mitre.oval:def:62", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A62" + }, + { + "name": "oval:org.mitre.oval:def:94", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A94" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0988.json b/2002/0xxx/CVE-2002-0988.json index 22ce65dc5d2..776c40eedc5 100644 --- a/2002/0xxx/CVE-2002-0988.json +++ b/2002/0xxx/CVE-2002-0988.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CSSA-2002-SCO.38", - "refsource" : "CALDERA", - "url" : "ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38" - }, - { - "name" : "openunix-unixware-xsco-bo(9977)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9977.php" - }, - { - "name" : "5577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5577" + }, + { + "name": "CSSA-2002-SCO.38", + "refsource": "CALDERA", + "url": "ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38" + }, + { + "name": "openunix-unixware-xsco-bo(9977)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9977.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1076.json b/2002/1xxx/CVE-2002-1076.json index 43fcf6ac818..0ecab06d35f 100644 --- a/2002/1xxx/CVE-2002-1076.json +++ b/2002/1xxx/CVE-2002-1076.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" - }, - { - "name" : "20020729 Hoax Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" - }, - { - "name" : "20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" - }, - { - "name" : "http://support.ipswitch.com/kb/IM-20020731-DM02.htm", - "refsource" : "CONFIRM", - "url" : "http://support.ipswitch.com/kb/IM-20020731-DM02.htm" - }, - { - "name" : "http://support.ipswitch.com/kb/IM-20020729-DM01.htm", - "refsource" : "CONFIRM", - "url" : "http://support.ipswitch.com/kb/IM-20020729-DM01.htm" - }, - { - "name" : "5323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5323" - }, - { - "name" : "imail-web-messaging-bo(9679)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9679.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html" + }, + { + "name": "20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html" + }, + { + "name": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm", + "refsource": "CONFIRM", + "url": "http://support.ipswitch.com/kb/IM-20020731-DM02.htm" + }, + { + "name": "imail-web-messaging-bo(9679)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9679.php" + }, + { + "name": "5323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5323" + }, + { + "name": "20020729 Hoax Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html" + }, + { + "name": "http://support.ipswitch.com/kb/IM-20020729-DM01.htm", + "refsource": "CONFIRM", + "url": "http://support.ipswitch.com/kb/IM-20020729-DM01.htm" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1270.json b/2002/1xxx/CVE-2002-1270.json index 263830537ca..db695231e6e 100644 --- a/2002/1xxx/CVE-2002-1270.json +++ b/2002/1xxx/CVE-2002-1270.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.info.apple.com/usen/security/security_updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.info.apple.com/usen/security/security_updates.html" - }, - { - "name" : "macos-mach-read-files(10829)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10829" - }, - { - "name" : "7060", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.info.apple.com/usen/security/security_updates.html", + "refsource": "CONFIRM", + "url": "http://www.info.apple.com/usen/security/security_updates.html" + }, + { + "name": "macos-mach-read-files(10829)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10829" + }, + { + "name": "7060", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7060" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1684.json b/2002/1xxx/CVE-2002-1684.json index 973f7e61eb8..c54e161a886 100644 --- a/2002/1xxx/CVE-2002-1684.json +++ b/2002/1xxx/CVE-2002-1684.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020121 [resend] Strumpf Noir Society on BadBlue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251523" - }, - { - "name" : "badblue-msoffice-script-directory-traversal(7946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7946" - }, - { - "name" : "3913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the script used to read Microsoft Office documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3913" + }, + { + "name": "badblue-msoffice-script-directory-traversal(7946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7946" + }, + { + "name": "20020121 [resend] Strumpf Noir Society on BadBlue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251523" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1950.json b/2002/1xxx/CVE-2002-1950.json index c6f962c731d..4f770bf1b6f 100644 --- a/2002/1xxx/CVE-2002-1950.json +++ b/2002/1xxx/CVE-2002-1950.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021010 Multiple vulnerabilities in phpRank", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html" - }, - { - "name" : "5946", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5946" - }, - { - "name" : "phprank-banner-url-xss(10351)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10351.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the main list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021010 Multiple vulnerabilities in phpRank", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html" + }, + { + "name": "phprank-banner-url-xss(10351)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10351.php" + }, + { + "name": "5946", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5946" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0145.json b/2003/0xxx/CVE-2003-0145.json index c198e212f22..e2232b1a56c 100644 --- a/2003/0xxx/CVE-2003-0145.json +++ b/2003/0xxx/CVE-2003-0145.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in tcpdump before 3.7.2 related to an inability to \"Handle unknown RADIUS attributes properly,\" allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "DSA-261", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-261" - }, - { - "name" : "MDKSA-2003:027", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027" - }, - { - "name" : "RHSA-2003:032", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-032.html" - }, - { - "name" : "RHSA-2003:151", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-151.html" - }, - { - "name" : "RHSA-2003:214", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html" - }, - { - "name" : "tcpdump-radius-attribute-dos(11857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in tcpdump before 3.7.2 related to an inability to \"Handle unknown RADIUS attributes properly,\" allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:151", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-151.html" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "DSA-261", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-261" + }, + { + "name": "MDKSA-2003:027", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027" + }, + { + "name": "RHSA-2003:214", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-214.html" + }, + { + "name": "tcpdump-radius-attribute-dos(11857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11857" + }, + { + "name": "RHSA-2003:032", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-032.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0159.json b/2003/0xxx/CVE-2003-0159.json index cbe5ced9849..eee55c52ae1 100644 --- a/2003/0xxx/CVE-2003-0159.json +++ b/2003/0xxx/CVE-2003-0159.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html" - }, - { - "name" : "20030309 GLSA: ethereal (200303-10)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104741640924709&w=2" - }, - { - "name" : "RHSA-2003:077", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html" - }, - { - "name" : "SuSE-SA:2003:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html" - }, - { - "name" : "MDKSA-2003:051", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:051" - }, - { - "name" : "7050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7050" - }, - { - "name" : "oval:org.mitre.oval:def:55", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7050" + }, + { + "name": "oval:org.mitre.oval:def:55", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55" + }, + { + "name": "RHSA-2003:077", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-077.html" + }, + { + "name": "SuSE-SA:2003:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html" + }, + { + "name": "20030309 GLSA: ethereal (200303-10)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104741640924709&w=2" + }, + { + "name": "MDKSA-2003:051", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:051" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00008.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00008.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0247.json b/2003/0xxx/CVE-2003-0247.json index 32062173f10..a8e25a890e8 100644 --- a/2003/0xxx/CVE-2003-0247.json +++ b/2003/0xxx/CVE-2003-0247.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:187", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html" - }, - { - "name" : "RHSA-2003:195", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html" - }, - { - "name" : "RHSA-2003:198", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html" - }, - { - "name" : "DSA-311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-311" - }, - { - "name" : "DSA-312", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-312" - }, - { - "name" : "DSA-332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-332" - }, - { - "name" : "DSA-336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-336" - }, - { - "name" : "DSA-442", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-442" - }, - { - "name" : "MDKSA-2003:066", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066" - }, - { - "name" : "MDKSA-2003:074", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074" - }, - { - "name" : "TLSA-2003-41", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt" - }, - { - "name" : "oval:org.mitre.oval:def:284", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:187", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-187.html" + }, + { + "name": "oval:org.mitre.oval:def:284", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A284" + }, + { + "name": "TLSA-2003-41", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/TLSA-2003-41.txt" + }, + { + "name": "RHSA-2003:195", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-195.html" + }, + { + "name": "RHSA-2003:198", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-198.html" + }, + { + "name": "MDKSA-2003:074", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074" + }, + { + "name": "DSA-336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-336" + }, + { + "name": "MDKSA-2003:066", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066" + }, + { + "name": "DSA-311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-311" + }, + { + "name": "DSA-332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-332" + }, + { + "name": "DSA-312", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-312" + }, + { + "name": "DSA-442", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-442" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0701.json b/2003/0xxx/CVE-2003-0701.json index b79a5f4b44e..69f0784a536 100644 --- a/2003/0xxx/CVE-2003-0701.json +++ b/2003/0xxx/CVE-2003-0701.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106148101210479&w=2" - }, - { - "name" : "MS03-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" - }, - { - "name" : "VU#334928", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/334928" - }, - { - "name" : "ie-dbcs-object-bo(12970)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#334928", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/334928" + }, + { + "name": "ie-dbcs-object-bo(12970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970" + }, + { + "name": "MS03-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" + }, + { + "name": "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106148101210479&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1566.json b/2003/1xxx/CVE-2003-1566.json index bd620417859..7d7050899b6 100644 --- a/2003/1xxx/CVE-2003-1566.json +++ b/2003/1xxx/CVE-2003-1566.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031227 AQ-2003-02: Microsoft IIS Logging Failure", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html" - }, - { - "name" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", - "refsource" : "MISC", - "url" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt" - }, - { - "name" : "9313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9313" - }, - { - "name" : "4864", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4864" - }, - { - "name" : "iis-improper-httptrack-logging(14077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031227 AQ-2003-02: Microsoft IIS Logging Failure", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html" + }, + { + "name": "4864", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4864" + }, + { + "name": "iis-improper-httptrack-logging(14077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14077" + }, + { + "name": "9313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9313" + }, + { + "name": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", + "refsource": "MISC", + "url": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0662.json b/2012/0xxx/CVE-2012-0662.json index 297bbec0323..43d622bc1cb 100644 --- a/2012/0xxx/CVE-2012-0662.json +++ b/2012/0xxx/CVE-2012-0662.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "53445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53445" - }, - { - "name" : "53468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53445" + }, + { + "name": "53468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53468" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0673.json b/2012/0xxx/CVE-2012-0673.json index ebb19acb36d..d87d56361b8 100644 --- a/2012/0xxx/CVE-2012-0673.json +++ b/2012/0xxx/CVE-2012-0673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0900.json b/2012/0xxx/CVE-2012-0900.json index 1078f63339a..a16b125358c 100644 --- a/2012/0xxx/CVE-2012-0900.json +++ b/2012/0xxx/CVE-2012-0900.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120115 Beehive Forum 101 Multiple XSS vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0103.html" - }, - { - "name" : "http://www.darksecurity.de/advisories/SSCHADV2011-042.txt", - "refsource" : "MISC", - "url" : "http://www.darksecurity.de/advisories/SSCHADV2011-042.txt" - }, - { - "name" : "51424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51424" - }, - { - "name" : "47595", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47595" - }, - { - "name" : "beehiveforum101-multiple-xss(72411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "beehiveforum101-multiple-xss(72411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72411" + }, + { + "name": "http://www.darksecurity.de/advisories/SSCHADV2011-042.txt", + "refsource": "MISC", + "url": "http://www.darksecurity.de/advisories/SSCHADV2011-042.txt" + }, + { + "name": "47595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47595" + }, + { + "name": "51424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51424" + }, + { + "name": "20120115 Beehive Forum 101 Multiple XSS vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0103.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1037.json b/2012/1xxx/CVE-2012-1037.json index fbd25323101..9f7ac2a7b1b 100644 --- a/2012/1xxx/CVE-2012-1037.json +++ b/2012/1xxx/CVE-2012-1037.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120210 CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Feb/157" - }, - { - "name" : "https://forge.indepnet.net/issues/3338", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/issues/3338" - }, - { - "name" : "https://forge.indepnet.net/projects/glpi/repository/revisions/17457/diff/branches/0.80-bugfixes/front/popup.php", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/projects/glpi/repository/revisions/17457/diff/branches/0.80-bugfixes/front/popup.php" - }, - { - "name" : "https://forge.indepnet.net/projects/glpi/versions/685", - "refsource" : "CONFIRM", - "url" : "https://forge.indepnet.net/projects/glpi/versions/685" - }, - { - "name" : "MDVSA-2012:016", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forge.indepnet.net/projects/glpi/versions/685", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/projects/glpi/versions/685" + }, + { + "name": "MDVSA-2012:016", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:016" + }, + { + "name": "20120210 CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Feb/157" + }, + { + "name": "https://forge.indepnet.net/issues/3338", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/issues/3338" + }, + { + "name": "https://forge.indepnet.net/projects/glpi/repository/revisions/17457/diff/branches/0.80-bugfixes/front/popup.php", + "refsource": "CONFIRM", + "url": "https://forge.indepnet.net/projects/glpi/repository/revisions/17457/diff/branches/0.80-bugfixes/front/popup.php" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1050.json b/2012/1xxx/CVE-2012-1050.json index 886a3b678a6..3cd3dcf6c58 100644 --- a/2012/1xxx/CVE-2012-1050.json +++ b/2012/1xxx/CVE-2012-1050.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120203 Mathopd - Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0025.html" - }, - { - "name" : "[mathopd] 20120202 security alert: directory traversal when using * in Location", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/mathopd%40mathopd.org/msg00392.html" - }, - { - "name" : "http://www.mathopd.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.mathopd.org/security.html" - }, - { - "name" : "78896", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78896" - }, - { - "name" : "1026641", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026641" - }, - { - "name" : "47908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47908" - }, - { - "name" : "mathopd-http-directory-traversal(73049)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47908" + }, + { + "name": "20120203 Mathopd - Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0025.html" + }, + { + "name": "[mathopd] 20120202 security alert: directory traversal when using * in Location", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/mathopd%40mathopd.org/msg00392.html" + }, + { + "name": "1026641", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026641" + }, + { + "name": "mathopd-http-directory-traversal(73049)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73049" + }, + { + "name": "http://www.mathopd.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.mathopd.org/security.html" + }, + { + "name": "78896", + "refsource": "OSVDB", + "url": "http://osvdb.org/78896" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1185.json b/2012/1xxx/CVE-2012-1185.json index 3cdf0b83ef2..6055b1db7a2 100644 --- a/2012/1xxx/CVE-2012-1185.json +++ b/2012/1xxx/CVE-2012-1185.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185" - }, - { - "name" : "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c", - "refsource" : "CONFIRM", - "url" : "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c" - }, - { - "name" : "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c", - "refsource" : "CONFIRM", - "url" : "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c" - }, - { - "name" : "DSA-2462", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2462" - }, - { - "name" : "openSUSE-SU-2012:0692", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html" - }, - { - "name" : "USN-1435-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1435-1" - }, - { - "name" : "51957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51957" - }, - { - "name" : "80556", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80556" - }, - { - "name" : "47926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47926" - }, - { - "name" : "48974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48974" - }, - { - "name" : "49043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49043" - }, - { - "name" : "49317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49317" - }, - { - "name" : "imagemagick-profile-code-execution(76140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80556", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80556" + }, + { + "name": "openSUSE-SU-2012:0692", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-06/msg00001.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185" + }, + { + "name": "49043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49043" + }, + { + "name": "DSA-2462", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2462" + }, + { + "name": "51957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51957" + }, + { + "name": "[oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/5" + }, + { + "name": "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c", + "refsource": "CONFIRM", + "url": "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c" + }, + { + "name": "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c", + "refsource": "CONFIRM", + "url": "http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c" + }, + { + "name": "47926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47926" + }, + { + "name": "USN-1435-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1435-1" + }, + { + "name": "imagemagick-profile-code-execution(76140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76140" + }, + { + "name": "48974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48974" + }, + { + "name": "49317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49317" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1231.json b/2012/1xxx/CVE-2012-1231.json index e4b07fac938..8081b962fe4 100644 --- a/2012/1xxx/CVE-2012-1231.json +++ b/2012/1xxx/CVE-2012-1231.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1231", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1231", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1896.json b/2012/1xxx/CVE-2012-1896.json index 0689a938ebc..7dbdb1c1f80 100644 --- a/2012/1xxx/CVE-2012-1896.json +++ b/2012/1xxx/CVE-2012-1896.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \"Code Access Security Info Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "56456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56456" - }, - { - "name" : "oval:org.mitre.oval:def:15785", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15785" - }, - { - "name" : "1027753", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027753" - }, - { - "name" : "51236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka \"Code Access Security Info Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56456" + }, + { + "name": "oval:org.mitre.oval:def:15785", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15785" + }, + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "MS12-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-074" + }, + { + "name": "51236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51236" + }, + { + "name": "1027753", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027753" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3973.json b/2012/3xxx/CVE-2012-3973.json index d352ff88598..fea938b2e2e 100644 --- a/2012/3xxx/CVE-2012-3973.json +++ b/2012/3xxx/CVE-2012-3973.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-66.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-66.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=757128", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=757128" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "55308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55308" - }, - { - "name" : "85005", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85005" - }, - { - "name" : "oval:org.mitre.oval:def:17039", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17039", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17039" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=757128", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=757128" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-66.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-66.html" + }, + { + "name": "55308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55308" + }, + { + "name": "85005", + "refsource": "OSVDB", + "url": "http://osvdb.org/85005" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4054.json b/2012/4xxx/CVE-2012-4054.json index 32b13b3c107..945462b0904 100644 --- a/2012/4xxx/CVE-2012-4054.json +++ b/2012/4xxx/CVE-2012-4054.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18792", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18792" - }, - { - "name" : "53286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53286" - }, - { - "name" : "81496", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81496" - }, - { - "name" : "autorun-killer-bo(75238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18792", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18792" + }, + { + "name": "autorun-killer-bo(75238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75238" + }, + { + "name": "81496", + "refsource": "OSVDB", + "url": "http://osvdb.org/81496" + }, + { + "name": "53286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53286" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4092.json b/2012/4xxx/CVE-2012-4092.json index 7efaa880eb0..ffd64dd9a00 100644 --- a/2012/4xxx/CVE-2012-4092.json +++ b/2012/4xxx/CVE-2012-4092.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Cisco Unified Computing System Fabric System Manager Man-in-the-Middle Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4092" - }, - { - "name" : "55034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attackers to read or modify an inter-device data stream by spoofing an identity, aka Bug ID CSCtk00683." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55034" + }, + { + "name": "20130925 Cisco Unified Computing System Fabric System Manager Man-in-the-Middle Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4092" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4237.json b/2012/4xxx/CVE-2012-4237.json index 57985a46986..5cf3b104b03 100644 --- a/2012/4xxx/CVE-2012-4237.json +++ b/2012/4xxx/CVE-2012-4237.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120814 TCExam Edit SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.html" - }, - { - "name" : "[oss-security] 20120813 TCExam Edit SQL Injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/13/8" - }, - { - "name" : "http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html", - "refsource" : "MISC", - "url" : "http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html" - }, - { - "name" : "http://freecode.com/projects/tcexam/releases/347125", - "refsource" : "CONFIRM", - "url" : "http://freecode.com/projects/tcexam/releases/347125" - }, - { - "name" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742", - "refsource" : "CONFIRM", - "url" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742" - }, - { - "name" : "54861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54861" - }, - { - "name" : "50141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54861" + }, + { + "name": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742", + "refsource": "CONFIRM", + "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742" + }, + { + "name": "20120814 TCExam Edit SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0079.html" + }, + { + "name": "50141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50141" + }, + { + "name": "http://freecode.com/projects/tcexam/releases/347125", + "refsource": "CONFIRM", + "url": "http://freecode.com/projects/tcexam/releases/347125" + }, + { + "name": "http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html", + "refsource": "MISC", + "url": "http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html" + }, + { + "name": "[oss-security] 20120813 TCExam Edit SQL Injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/13/8" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4385.json b/2012/4xxx/CVE-2012-4385.json index 386b950f412..82cf66a81d1 100644 --- a/2012/4xxx/CVE-2012-4385.json +++ b/2012/4xxx/CVE-2012-4385.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4385", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4385", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4785.json b/2012/4xxx/CVE-2012-4785.json index 9fa325e36cb..5ebf8ba5325 100644 --- a/2012/4xxx/CVE-2012-4785.json +++ b/2012/4xxx/CVE-2012-4785.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4785", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4785", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4927.json b/2012/4xxx/CVE-2012-4927.json index 9f03174d5d4..4ebdbf6f9cf 100644 --- a/2012/4xxx/CVE-2012-4927.json +++ b/2012/4xxx/CVE-2012-4927.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18508", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18508" - }, - { - "name" : "http://freecode.com/projects/limesurvey/releases/342070", - "refsource" : "MISC", - "url" : "http://freecode.com/projects/limesurvey/releases/342070" - }, - { - "name" : "http://packetstormsecurity.org/files/110100/limesurvey-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/110100/limesurvey-sql.txt" - }, - { - "name" : "http://www.limesurvey.org/en/stable-release", - "refsource" : "CONFIRM", - "url" : "http://www.limesurvey.org/en/stable-release" - }, - { - "name" : "52114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52114" - }, - { - "name" : "79459", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79459" - }, - { - "name" : "48051", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48051" - }, - { - "name" : "phpsurveyor-index-sql-injection(73395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52114" + }, + { + "name": "http://packetstormsecurity.org/files/110100/limesurvey-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/110100/limesurvey-sql.txt" + }, + { + "name": "http://www.limesurvey.org/en/stable-release", + "refsource": "CONFIRM", + "url": "http://www.limesurvey.org/en/stable-release" + }, + { + "name": "18508", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18508" + }, + { + "name": "48051", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48051" + }, + { + "name": "phpsurveyor-index-sql-injection(73395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73395" + }, + { + "name": "79459", + "refsource": "OSVDB", + "url": "http://osvdb.org/79459" + }, + { + "name": "http://freecode.com/projects/limesurvey/releases/342070", + "refsource": "MISC", + "url": "http://freecode.com/projects/limesurvey/releases/342070" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5165.json b/2012/5xxx/CVE-2012-5165.json index 0624024443f..05b9e84f734 100644 --- a/2012/5xxx/CVE-2012-5165.json +++ b/2012/5xxx/CVE-2012-5165.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5165", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5165", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5181.json b/2012/5xxx/CVE-2012-5181.json index 560b46977ce..3f72231c02b 100644 --- a/2012/5xxx/CVE-2012-5181.json +++ b/2012/5xxx/CVE-2012-5181.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-5181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://concrete5-japan.org/news/concrete5602ja-release/", - "refsource" : "CONFIRM", - "url" : "http://concrete5-japan.org/news/concrete5602ja-release/" - }, - { - "name" : "JVN#65458431", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN65458431/index.html" - }, - { - "name" : "JVNDB-2012-000113", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#65458431", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN65458431/index.html" + }, + { + "name": "JVNDB-2012-000113", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000113" + }, + { + "name": "http://concrete5-japan.org/news/concrete5602ja-release/", + "refsource": "CONFIRM", + "url": "http://concrete5-japan.org/news/concrete5602ja-release/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2151.json b/2017/2xxx/CVE-2017-2151.json index 406568cb380..d4b5e95c2ee 100644 --- a/2017/2xxx/CVE-2017-2151.json +++ b/2017/2xxx/CVE-2017-2151.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Booking Calendar", - "version" : { - "version_data" : [ - { - "version_value" : "version 7.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "wpdevelop" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Booking Calendar", + "version": { + "version_data": [ + { + "version_value": "version 7.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "wpdevelop" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wpbookingcalendar.com/changelog/", - "refsource" : "MISC", - "url" : "http://wpbookingcalendar.com/changelog/" - }, - { - "name" : "JVN#54762089", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN54762089/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wpbookingcalendar.com/changelog/", + "refsource": "MISC", + "url": "http://wpbookingcalendar.com/changelog/" + }, + { + "name": "JVN#54762089", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN54762089/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2823.json b/2017/2xxx/CVE-2017-2823.json index a7a8985a06f..aca8e8ed5df 100644 --- a/2017/2xxx/CVE-2017-2823.json +++ b/2017/2xxx/CVE-2017-2823.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PowerIso", - "version" : { - "version_data" : [ - { - "version_value" : "6.8 (6, 8, 0, 0)" - } - ] - } - } - ] - }, - "vendor_name" : "Power Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PowerIso", + "version": { + "version_data": [ + { + "version_value": "6.8 (6, 8, 0, 0)" + } + ] + } + } + ] + }, + "vendor_name": "Power Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0324", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0324", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0324" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3299.json b/2017/3xxx/CVE-2017-3299.json index 397bc110450..306c5db5e64 100644 --- a/2017/3xxx/CVE-2017-3299.json +++ b/2017/3xxx/CVE-2017-3299.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_value" : "8.54" - }, - { - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.54" + }, + { + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95503" - }, - { - "name" : "1037634", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037634", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037634" + }, + { + "name": "95503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95503" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3783.json b/2017/3xxx/CVE-2017-3783.json index a1115da742f..bd947995f03 100644 --- a/2017/3xxx/CVE-2017-3783.json +++ b/2017/3xxx/CVE-2017-3783.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3783", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3783", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3901.json b/2017/3xxx/CVE-2017-3901.json index f1042cb6d17..1c88b7b37aa 100644 --- a/2017/3xxx/CVE-2017-3901.json +++ b/2017/3xxx/CVE-2017-3901.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3901", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3901", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6121.json b/2017/6xxx/CVE-2017-6121.json index 6da281c9119..28b852a7780 100644 --- a/2017/6xxx/CVE-2017-6121.json +++ b/2017/6xxx/CVE-2017-6121.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6121", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6121", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6145.json b/2017/6xxx/CVE-2017-6145.json index edb16243ec4..b23505a84f0 100644 --- a/2017/6xxx/CVE-2017-6145.json +++ b/2017/6xxx/CVE-2017-6145.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-07-12T00:00:00", - "ID" : "CVE-2017-6145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.0 through 12.1.2" - }, - { - "version_value" : "13.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cookie verification vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-07-12T00:00:00", + "ID": "CVE-2017-6145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", + "version": { + "version_data": [ + { + "version_value": "12.0.0 through 12.1.2" + }, + { + "version_value": "13.0.0" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K22317030", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K22317030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cookie verification vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K22317030", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K22317030" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6349.json b/2017/6xxx/CVE-2017-6349.json index f571a771dbd..b52d3cfd59b 100644 --- a/2017/6xxx/CVE-2017-6349.json +++ b/2017/6xxx/CVE-2017-6349.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c", - "refsource" : "MISC", - "url" : "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c" - }, - { - "name" : "https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA" - }, - { - "name" : "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y" - }, - { - "name" : "GLSA-201706-26", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-26" - }, - { - "name" : "96451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96451" - }, - { - "name" : "1037949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201706-26", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-26" + }, + { + "name": "1037949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037949" + }, + { + "name": "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c", + "refsource": "MISC", + "url": "https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c" + }, + { + "name": "96451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96451" + }, + { + "name": "https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/vim_dev/LAgsTcdSfNA" + }, + { + "name": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/vim_dev/QPZc0CY9j3Y" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6747.json b/2017/6xxx/CVE-2017-6747.json index 4bdb72fa311..cafcb3c72f3 100644 --- a/2017/6xxx/CVE-2017-6747.json +++ b/2017/6xxx/CVE-2017-6747.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Identity Services Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Identity Services Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Identity Services Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise" - }, - { - "name" : "1039054", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039054", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039054" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7163.json b/2017/7xxx/CVE-2017-7163.json index ab6a915ce80..7e0f6fadd81 100644 --- a/2017/7xxx/CVE-2017-7163.json +++ b/2017/7xxx/CVE-2017-7163.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7426.json b/2017/7xxx/CVE-2017-7426.json index 81e74c6822a..3b280749c08 100644 --- a/2017/7xxx/CVE-2017-7426.json +++ b/2017/7xxx/CVE-2017-7426.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-08-03T00:00:00.000Z", - "ID" : "CVE-2017-7426", - "STATE" : "PUBLIC", - "TITLE" : "iManager - XML External Entity vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Identity Manager Plug-ins", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "NetIQ" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Pawel.Batunek@ingservicespolska.pl" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.4, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "External XML Entity attacks" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-08-03T00:00:00.000Z", + "ID": "CVE-2017-7426", + "STATE": "PUBLIC", + "TITLE": "iManager - XML External Entity vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager Plug-ins", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.6.1" + } + ] + } + } + ] + }, + "vendor_name": "NetIQ" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7021173", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7021173" - } - ] - }, - "source" : { - "advisory" : "7021173", - "discovery" : "EXTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Pawel.Batunek@ingservicespolska.pl" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "External XML Entity attacks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.novell.com/support/kb/doc.php?id=7021173", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7021173" + } + ] + }, + "source": { + "advisory": "7021173", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7768.json b/2017/7xxx/CVE-2017-7768.json index c22b855ab77..160465aedeb 100644 --- a/2017/7xxx/CVE-2017-7768.json +++ b/2017/7xxx/CVE-2017-7768.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "32 byte arbitrary file read through Mozilla Maintenance Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336979", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336979" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" - }, - { - "name" : "99057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99057" - }, - { - "name" : "1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "32 byte arbitrary file read through Mozilla Maintenance Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99057" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336979", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336979" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7842.json b/2017/7xxx/CVE-2017-7842.json index 43b5aeed7b8..06789ae6ae8 100644 --- a/2017/7xxx/CVE-2017-7842.json +++ b/2017/7xxx/CVE-2017-7842.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "57" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If a document's Referrer Policy attribute is set to \"no-referrer\" sometimes two network requests are made for \"\" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Referrer Policy is not always respected for elements" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "57" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1397064", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1397064" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/" - }, - { - "name" : "101832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101832" - }, - { - "name" : "1039803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If a document's Referrer Policy attribute is set to \"no-referrer\" sometimes two network requests are made for \"\" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Referrer Policy is not always respected for elements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-24/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" + }, + { + "name": "101832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101832" + }, + { + "name": "1039803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039803" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1397064", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1397064" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10017.json b/2018/10xxx/CVE-2018-10017.json index f0cd982738c..178fdb39a34 100644 --- a/2018/10xxx/CVE-2018-10017.json +++ b/2018/10xxx/CVE-2018-10017.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76", - "refsource" : "CONFIRM", - "url" : "https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76" - }, - { - "name" : "https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/", - "refsource" : "CONFIRM", - "url" : "https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/" - }, - { - "name" : "https://openmpt.org/openmpt-1-27-07-00-released", - "refsource" : "CONFIRM", - "url" : "https://openmpt.org/openmpt-1-27-07-00-released" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://openmpt.org/openmpt-1-27-07-00-released", + "refsource": "CONFIRM", + "url": "https://openmpt.org/openmpt-1-27-07-00-released" + }, + { + "name": "https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76", + "refsource": "CONFIRM", + "url": "https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76" + }, + { + "name": "https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/", + "refsource": "CONFIRM", + "url": "https://lib.openmpt.org/libopenmpt/2018/04/08/security-updates-0.3.8-0.2-beta31-0.2.7561-beta20.5-p8-0.2.7386-beta20.3-p11/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10227.json b/2018/10xxx/CVE-2018-10227.json index 3064ec57816..6eb37954fe7 100644 --- a/2018/10xxx/CVE-2018-10227.json +++ b/2018/10xxx/CVE-2018-10227.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bg5sbk/MiniCMS/issues/15", - "refsource" : "MISC", - "url" : "https://github.com/bg5sbk/MiniCMS/issues/15" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bg5sbk/MiniCMS/issues/15", + "refsource": "MISC", + "url": "https://github.com/bg5sbk/MiniCMS/issues/15" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10279.json b/2018/10xxx/CVE-2018-10279.json index 16a160ba698..8bfd3517c93 100644 --- a/2018/10xxx/CVE-2018-10279.json +++ b/2018/10xxx/CVE-2018-10279.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10279", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10279", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10284.json b/2018/10xxx/CVE-2018-10284.json index dedc23ec8a2..db29ea1321c 100644 --- a/2018/10xxx/CVE-2018-10284.json +++ b/2018/10xxx/CVE-2018-10284.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lab.insightsecurity.com.br/g-tickets-sql-injection/", - "refsource" : "MISC", - "url" : "https://lab.insightsecurity.com.br/g-tickets-sql-injection/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lab.insightsecurity.com.br/g-tickets-sql-injection/", + "refsource": "MISC", + "url": "https://lab.insightsecurity.com.br/g-tickets-sql-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10454.json b/2018/10xxx/CVE-2018-10454.json index f2f1b6a9dc8..58f7369e617 100644 --- a/2018/10xxx/CVE-2018-10454.json +++ b/2018/10xxx/CVE-2018-10454.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10454", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10454", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14117.json b/2018/14xxx/CVE-2018-14117.json index 1c43b0ab210..374cf2753bb 100644 --- a/2018/14xxx/CVE-2018-14117.json +++ b/2018/14xxx/CVE-2018-14117.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14117", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14117", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17517.json b/2018/17xxx/CVE-2018-17517.json index fa10466c681..adef167e07f 100644 --- a/2018/17xxx/CVE-2018-17517.json +++ b/2018/17xxx/CVE-2018-17517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17961.json b/2018/17xxx/CVE-2018-17961.json index baa5633f95d..789c4a469d7 100644 --- a/2018/17xxx/CVE-2018-17961.json +++ b/2018/17xxx/CVE-2018-17961.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45573", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45573/" - }, - { - "name" : "[oss-security] 20181009 ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/10/09/4" - }, - { - "name" : "[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63" - }, - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699816", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699816" - }, - { - "name" : "DSA-4336", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4336" - }, - { - "name" : "RHSA-2018:3834", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3834" - }, - { - "name" : "USN-3803-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3803-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63" + }, + { + "name": "[oss-security] 20181009 ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/10/09/4" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699816", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699816" + }, + { + "name": "RHSA-2018:3834", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3834" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0" + }, + { + "name": "USN-3803-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3803-1/" + }, + { + "name": "DSA-4336", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4336" + }, + { + "name": "[debian-lts-announce] 20181022 [SECURITY] [DLA 1552-1] ghostscript security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00013.html" + }, + { + "name": "45573", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45573/" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20022.json b/2018/20xxx/CVE-2018-20022.json index e100acf55b8..9164e318363 100644 --- a/2018/20xxx/CVE-2018-20022.json +++ b/2018/20xxx/CVE-2018-20022.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "ID" : "CVE-2018-20022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibVNC", - "version" : { - "version_data" : [ - { - "version_value" : "commit 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "ID": "CVE-2018-20022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibVNC", + "version": { + "version_data": [ + { + "version_value": "commit 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1617-1] libvncserver security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html" - }, - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/" - }, - { - "name" : "DSA-4383", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2019/dsa-4383" - }, - { - "name" : "USN-3877-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3877-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4383", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2019/dsa-4383" + }, + { + "name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1617-1] libvncserver security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html" + }, + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/" + }, + { + "name": "USN-3877-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3877-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20309.json b/2018/20xxx/CVE-2018-20309.json index 56257425d7d..4be9d4dc291 100644 --- a/2018/20xxx/CVE-2018-20309.json +++ b/2018/20xxx/CVE-2018-20309.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20309", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20309", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20334.json b/2018/20xxx/CVE-2018-20334.json index f90a25adf31..dc70ab04aa8 100644 --- a/2018/20xxx/CVE-2018-20334.json +++ b/2018/20xxx/CVE-2018-20334.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20334", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20334", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20551.json b/2018/20xxx/CVE-2018-20551.json index 8b4245511fa..9ba4daac8f1 100644 --- a/2018/20xxx/CVE-2018-20551.json +++ b/2018/20xxx/CVE-2018-20551.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/703", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/703" - }, - { - "name" : "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146", - "refsource" : "MISC", - "url" : "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146" - }, - { - "name" : "USN-3886-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3886-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146" + }, + { + "name": "USN-3886-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3886-1/" + }, + { + "name": "https://gitlab.freedesktop.org/poppler/poppler/issues/703", + "refsource": "MISC", + "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/703" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9059.json b/2018/9xxx/CVE-2018-9059.json index f9963bd3a35..60c5d2d35e4 100644 --- a/2018/9xxx/CVE-2018-9059.json +++ b/2018/9xxx/CVE-2018-9059.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44485", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44485/" - }, - { - "name" : "44522", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44522/" - }, - { - "name" : "http://packetstormsecurity.com/files/147246/Easy-File-Sharing-Web-Server-7.2-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147246/Easy-File-Sharing-Web-Server-7.2-Buffer-Overflow.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/147246/Easy-File-Sharing-Web-Server-7.2-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147246/Easy-File-Sharing-Web-Server-7.2-Buffer-Overflow.html" + }, + { + "name": "44522", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44522/" + }, + { + "name": "44485", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44485/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9835.json b/2018/9xxx/CVE-2018-9835.json index be1a57126a0..7175b59e1d1 100644 --- a/2018/9xxx/CVE-2018-9835.json +++ b/2018/9xxx/CVE-2018-9835.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9835", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9835", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file