From b526f56f19be0de602416e12f74afbc5090dbf2e Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 06:29:18 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0002.json | 190 ++++++++++---------
2002/0xxx/CVE-2002-0087.json | 150 ++++++++---------
2002/0xxx/CVE-2002-0186.json | 200 +++++++++++-----------
2002/0xxx/CVE-2002-0401.json | 200 +++++++++++-----------
2002/0xxx/CVE-2002-0874.json | 120 ++++++-------
2002/1xxx/CVE-2002-1003.json | 140 ++++++++--------
2002/1xxx/CVE-2002-1191.json | 170 +++++++++----------
2002/1xxx/CVE-2002-1667.json | 130 +++++++--------
2002/1xxx/CVE-2002-1712.json | 150 ++++++++---------
2002/1xxx/CVE-2002-1901.json | 120 ++++++-------
2003/0xxx/CVE-2003-0514.json | 130 +++++++--------
2003/0xxx/CVE-2003-0767.json | 120 ++++++-------
2003/0xxx/CVE-2003-0956.json | 130 +++++++--------
2003/1xxx/CVE-2003-1485.json | 130 +++++++--------
2012/0xxx/CVE-2012-0136.json | 140 ++++++++--------
2012/0xxx/CVE-2012-0197.json | 34 ++--
2012/0xxx/CVE-2012-0227.json | 150 ++++++++---------
2012/0xxx/CVE-2012-0406.json | 150 ++++++++---------
2012/0xxx/CVE-2012-0780.json | 150 ++++++++---------
2012/1xxx/CVE-2012-1211.json | 140 ++++++++--------
2012/1xxx/CVE-2012-1256.json | 130 +++++++--------
2012/1xxx/CVE-2012-1621.json | 240 +++++++++++++-------------
2012/1xxx/CVE-2012-1832.json | 130 +++++++--------
2012/1xxx/CVE-2012-1884.json | 34 ++--
2012/3xxx/CVE-2012-3093.json | 34 ++--
2012/3xxx/CVE-2012-3959.json | 260 ++++++++++++++---------------
2012/4xxx/CVE-2012-4076.json | 160 +++++++++---------
2012/4xxx/CVE-2012-4090.json | 170 +++++++++----------
2012/4xxx/CVE-2012-4223.json | 34 ++--
2012/4xxx/CVE-2012-4338.json | 34 ++--
2012/4xxx/CVE-2012-4418.json | 160 +++++++++---------
2012/5xxx/CVE-2012-5867.json | 34 ++--
2017/1002xxx/CVE-2017-1002017.json | 138 +++++++--------
2017/2xxx/CVE-2017-2555.json | 34 ++--
2017/3xxx/CVE-2017-3099.json | 160 +++++++++---------
2017/3xxx/CVE-2017-3673.json | 34 ++--
2017/3xxx/CVE-2017-3857.json | 140 ++++++++--------
2017/6xxx/CVE-2017-6519.json | 170 +++++++++----------
2017/6xxx/CVE-2017-6835.json | 160 +++++++++---------
2017/7xxx/CVE-2017-7188.json | 140 ++++++++--------
2017/7xxx/CVE-2017-7529.json | 162 +++++++++---------
2017/7xxx/CVE-2017-7771.json | 34 ++--
2017/7xxx/CVE-2017-7979.json | 190 ++++++++++-----------
2018/10xxx/CVE-2018-10712.json | 130 +++++++--------
2018/10xxx/CVE-2018-10818.json | 34 ++--
2018/14xxx/CVE-2018-14478.json | 34 ++--
2018/14xxx/CVE-2018-14636.json | 172 +++++++++----------
2018/17xxx/CVE-2018-17551.json | 34 ++--
2018/17xxx/CVE-2018-17605.json | 130 +++++++--------
2018/17xxx/CVE-2018-17643.json | 130 +++++++--------
2018/20xxx/CVE-2018-20456.json | 130 +++++++--------
2018/20xxx/CVE-2018-20474.json | 34 ++--
2018/20xxx/CVE-2018-20540.json | 120 ++++++-------
2018/9xxx/CVE-2018-9068.json | 156 ++++++++---------
2018/9xxx/CVE-2018-9302.json | 130 +++++++--------
2018/9xxx/CVE-2018-9604.json | 34 ++--
2018/9xxx/CVE-2018-9679.json | 34 ++--
2018/9xxx/CVE-2018-9860.json | 130 +++++++--------
2018/9xxx/CVE-2018-9938.json | 130 +++++++--------
59 files changed, 3594 insertions(+), 3594 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0002.json b/2002/0xxx/CVE-2002-0002.json
index 13f7f9d7f7c..77aa6efbd0b 100644
--- a/2002/0xxx/CVE-2002-0002.json
+++ b/2002/0xxx/CVE-2002-0002.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0002",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0002",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://marc.info/?l=stunnel-users&m=100869449828705&w=2",
- "refsource" : "MISC",
- "url" : "http://marc.info/?l=stunnel-users&m=100869449828705&w=2"
- },
- {
- "name" : "20011227 Stunnel: Format String Bug in versions <3.22",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/247427"
- },
- {
- "name" : "20020102 Stunnel: Format String Bug update",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/248149"
- },
- {
- "name" : "http://stunnel.mirt.net/news.html",
- "refsource" : "CONFIRM",
- "url" : "http://stunnel.mirt.net/news.html"
- },
- {
- "name" : "RHSA-2002:002",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2002-002.html"
- },
- {
- "name" : "MDKSA-2002:004",
- "refsource" : "MANDRAKE",
- "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3"
- },
- {
- "name" : "stunnel-client-format-string(7741)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7741"
- },
- {
- "name" : "3748",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3748"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://marc.info/?l=stunnel-users&m=100869449828705&w=2",
+ "refsource": "MISC",
+ "url": "http://marc.info/?l=stunnel-users&m=100869449828705&w=2"
+ },
+ {
+ "name": "3748",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3748"
+ },
+ {
+ "name": "MDKSA-2002:004",
+ "refsource": "MANDRAKE",
+ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3"
+ },
+ {
+ "name": "20020102 Stunnel: Format String Bug update",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/248149"
+ },
+ {
+ "name": "stunnel-client-format-string(7741)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7741"
+ },
+ {
+ "name": "http://stunnel.mirt.net/news.html",
+ "refsource": "CONFIRM",
+ "url": "http://stunnel.mirt.net/news.html"
+ },
+ {
+ "name": "RHSA-2002:002",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2002-002.html"
+ },
+ {
+ "name": "20011227 Stunnel: Format String Bug in versions <3.22",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/247427"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0087.json b/2002/0xxx/CVE-2002-0087.json
index dd15630b063..3e8176fdb09 100644
--- a/2002/0xxx/CVE-2002-0087.json
+++ b/2002/0xxx/CVE-2002-0087.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0087",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0087",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.esecurityonline.com/advisories/eSO4125.asp",
- "refsource" : "MISC",
- "url" : "http://www.esecurityonline.com/advisories/eSO4125.asp"
- },
- {
- "name" : "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671",
- "refsource" : "CONFIRM",
- "url" : "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671"
- },
- {
- "name" : "4318",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4318"
- },
- {
- "name" : "lotus-domino-tmpfile-symlink(8586)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8586"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.esecurityonline.com/advisories/eSO4125.asp",
+ "refsource": "MISC",
+ "url": "http://www.esecurityonline.com/advisories/eSO4125.asp"
+ },
+ {
+ "name": "4318",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4318"
+ },
+ {
+ "name": "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671",
+ "refsource": "CONFIRM",
+ "url": "http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671"
+ },
+ {
+ "name": "lotus-domino-tmpfile-symlink(8586)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8586"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0186.json b/2002/0xxx/CVE-2002-0186.json
index a62813e2d79..4df9495f6d7 100644
--- a/2002/0xxx/CVE-2002-0186.json
+++ b/2002/0xxx/CVE-2002-0186.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0186",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka \"Unchecked Buffer in SQLXML ISAPI Extension.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0186",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=102397345410856&w=2"
- },
- {
- "name" : "20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html"
- },
- {
- "name" : "MS02-030",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030"
- },
- {
- "name" : "VU#811371",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/811371"
- },
- {
- "name" : "5004",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5004"
- },
- {
- "name" : "5347",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/5347"
- },
- {
- "name" : "oval:org.mitre.oval:def:484",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A484"
- },
- {
- "name" : "oval:org.mitre.oval:def:489",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A489"
- },
- {
- "name" : "mssql-sqlxml-isapi-bo(9328)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9328.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka \"Unchecked Buffer in SQLXML ISAPI Extension.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#811371",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/811371"
+ },
+ {
+ "name": "5347",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/5347"
+ },
+ {
+ "name": "20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html"
+ },
+ {
+ "name": "MS02-030",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030"
+ },
+ {
+ "name": "5004",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5004"
+ },
+ {
+ "name": "mssql-sqlxml-isapi-bo(9328)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9328.php"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:484",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A484"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:489",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A489"
+ },
+ {
+ "name": "20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=102397345410856&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0401.json b/2002/0xxx/CVE-2002-0401.json
index e0e9b65904f..5a521b8d5a3 100644
--- a/2002/0xxx/CVE-2002-0401.json
+++ b/2002/0xxx/CVE-2002-0401.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0401",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0401",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020529 Potential security issues in Ethereal",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=102268626526119&w=2"
- },
- {
- "name" : "http://www.ethereal.com/appnotes/enpa-sa-00004.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.ethereal.com/appnotes/enpa-sa-00004.html"
- },
- {
- "name" : "DSA-130",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2002/dsa-130"
- },
- {
- "name" : "RHSA-2002:036",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2002-036.html"
- },
- {
- "name" : "RHSA-2002:088",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2002-088.html"
- },
- {
- "name" : "CLSA-2002:505",
- "refsource" : "CONECTIVA",
- "url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505"
- },
- {
- "name" : "CSSA-2002-037.0",
- "refsource" : "CALDERA",
- "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt"
- },
- {
- "name" : "4806",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4806"
- },
- {
- "name" : "ethereal-smb-dissector-dos(9204)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9204.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "CLSA-2002:505",
+ "refsource": "CONECTIVA",
+ "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505"
+ },
+ {
+ "name": "RHSA-2002:088",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2002-088.html"
+ },
+ {
+ "name": "DSA-130",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2002/dsa-130"
+ },
+ {
+ "name": "20020529 Potential security issues in Ethereal",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=102268626526119&w=2"
+ },
+ {
+ "name": "ethereal-smb-dissector-dos(9204)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9204.php"
+ },
+ {
+ "name": "http://www.ethereal.com/appnotes/enpa-sa-00004.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.ethereal.com/appnotes/enpa-sa-00004.html"
+ },
+ {
+ "name": "4806",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4806"
+ },
+ {
+ "name": "RHSA-2002:036",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2002-036.html"
+ },
+ {
+ "name": "CSSA-2002-037.0",
+ "refsource": "CALDERA",
+ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0874.json b/2002/0xxx/CVE-2002-0874.json
index 519b216ef2d..344df010385 100644
--- a/2002/0xxx/CVE-2002-0874.json
+++ b/2002/0xxx/CVE-2002-0874.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0874",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0874",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "DSA-150",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2002/dsa-150"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when running in INET mode, allows remote attackers to read arbitrary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-150",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2002/dsa-150"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1003.json b/2002/1xxx/CVE-2002-1003.json
index b579354d804..65b7fb58686 100644
--- a/2002/1xxx/CVE-2002-1003.json
+++ b/2002/1xxx/CVE-2002-1003.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1003",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1003",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020708 Foundstone Advisory - Buffer Overflow in MyWebServer (fwd)",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html"
- },
- {
- "name" : "mywebserver-long-url-bo(9501)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9501.php"
- },
- {
- "name" : "5184",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5184"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020708 Foundstone Advisory - Buffer Overflow in MyWebServer (fwd)",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html"
+ },
+ {
+ "name": "mywebserver-long-url-bo(9501)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9501.php"
+ },
+ {
+ "name": "5184",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5184"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1191.json b/2002/1xxx/CVE-2002-1191.json
index bf59c1a5328..2c82c23e071 100644
--- a/2002/1xxx/CVE-2002-1191.json
+++ b/2002/1xxx/CVE-2002-1191.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1191",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1191",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021016 Denial of Service in Sabre Desktop Reservation Client for Windows",
- "refsource" : "IDEFENSE",
- "url" : "http://marc.info/?l=bugtraq&m=103478372603106&w=2"
- },
- {
- "name" : "20021010 Denial of Service in Sabre Desktop Reservation Client for Windows",
- "refsource" : "IDEFENSE",
- "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=48"
- },
- {
- "name" : "http://www.idefense.com/advisory/10.16.02.txt",
- "refsource" : "MISC",
- "url" : "http://www.idefense.com/advisory/10.16.02.txt"
- },
- {
- "name" : "5974",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5974"
- },
- {
- "name" : "6555",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/6555"
- },
- {
- "name" : "sabre-sabserv-client-dos(10378)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10378.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Sabserv client component in Sabre Desktop Reservation Software 4.2 through 4.4 allows remote attackers to cause a denial of service via malformed input to TCP port 1001."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "5974",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5974"
+ },
+ {
+ "name": "20021016 Denial of Service in Sabre Desktop Reservation Client for Windows",
+ "refsource": "IDEFENSE",
+ "url": "http://marc.info/?l=bugtraq&m=103478372603106&w=2"
+ },
+ {
+ "name": "sabre-sabserv-client-dos(10378)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10378.php"
+ },
+ {
+ "name": "6555",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/6555"
+ },
+ {
+ "name": "http://www.idefense.com/advisory/10.16.02.txt",
+ "refsource": "MISC",
+ "url": "http://www.idefense.com/advisory/10.16.02.txt"
+ },
+ {
+ "name": "20021010 Denial of Service in Sabre Desktop Reservation Client for Windows",
+ "refsource": "IDEFENSE",
+ "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=48"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1667.json b/2002/1xxx/CVE-2002-1667.json
index e90ea79ce9b..9cd0615ada5 100644
--- a/2002/1xxx/CVE-2002-1667.json
+++ b/2002/1xxx/CVE-2002-1667.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1667",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1667",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "FreeBSD-SA-02:22",
- "refsource" : "FREEBSD",
- "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc"
- },
- {
- "name" : "freebsd-mmap-msync-dos(8921)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8921"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "FreeBSD-SA-02:22",
+ "refsource": "FREEBSD",
+ "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc"
+ },
+ {
+ "name": "freebsd-mmap-msync-dos(8921)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8921"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1712.json b/2002/1xxx/CVE-2002-1712.json
index 5dff8db386d..54a20431c9f 100644
--- a/2002/1xxx/CVE-2002-1712.json
+++ b/2002/1xxx/CVE-2002-1712.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020128 SECURITY.NNOV: stream3 Windows NT/2000 DoS (Q280446)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/252616" - }, - { - "name" : "Q280446", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q280446" - }, - { - "name" : "win2k-empty-tcp-dos(8037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8037" - }, - { - "name" : "3967", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q280446", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?scid=kb;EN-US;q280446" + }, + { + "name": "win2k-empty-tcp-dos(8037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8037" + }, + { + "name": "3967", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3967" + }, + { + "name": "20020128 SECURITY.NNOV: stream3 Windows NT/2000 DoS (Q280446)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/252616" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1901.json b/2002/1xxx/CVE-2002-1901.json index 03c6c1859a4..502fb59243a 100644 --- a/2002/1xxx/CVE-2002-1901.json +++ b/2002/1xxx/CVE-2002-1901.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4992" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/0xxx/CVE-2003-0514.json b/2003/0xxx/CVE-2003-0514.json index 45ee9737dfa..9bd22b866c7 100644 --- a/2003/0xxx/CVE-2003-0514.json +++ b/2003/0xxx/CVE-2003-0514.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" - }, - { - "name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html" + }, + { + "name": "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0767.json b/2003/0xxx/CVE-2003-0767.json index 3aff0dc1a4f..f7ed6bb931b 100644 --- a/2003/0xxx/CVE-2003-0767.json +++ b/2003/0xxx/CVE-2003-0767.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030908 Rogerwilco: server's buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106304902323758&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030908 Rogerwilco: server's buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106304902323758&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0956.json b/2003/0xxx/CVE-2003-0956.json index 06b5696c141..e7e31d22fdc 100644 --- a/2003/0xxx/CVE-2003-0956.json +++ b/2003/0xxx/CVE-2003-0956.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg", - "refsource" : "CONFIRM", - "url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg" - }, - { - "name" : "linux-kernel-odirect-information-disclosure(42942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-kernel-odirect-information-disclosure(42942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42942" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg", + "refsource": "CONFIRM", + "url": "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1485.json b/2003/1xxx/CVE-2003-1485.json index ac6f5097c40..e930f41f36f 100644 --- a/2003/1xxx/CVE-2003-1485.json +++ b/2003/1xxx/CVE-2003-1485.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains \"multiple extensions combined with large blocks of white space.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", - "refsource" : "CONFIRM", - "url" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm" - }, - { - "name" : "7568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains \"multiple extensions combined with large blocks of white space.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + 
"value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm", + "refsource": "CONFIRM", + "url": "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm" + }, + { + "name": "7568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7568" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0136.json b/2012/0xxx/CVE-2012-0136.json index 45bfbc1d9cc..fab3bff4ba6 100644 --- a/2012/0xxx/CVE-2012-0136.json +++ b/2012/0xxx/CVE-2012-0136.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka \"VSD File Format Memory Corruption Vulnerability,\" a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-015", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015" - }, - { - "name" : "TA12-045A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14924", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka \"VSD File Format Memory Corruption Vulnerability,\" a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-045A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" + }, + { + "name": "oval:org.mitre.oval:def:14924", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14924" + }, + { + "name": "MS12-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-015" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0197.json b/2012/0xxx/CVE-2012-0197.json index d41c3b082cb..dc050da298a 100644 --- a/2012/0xxx/CVE-2012-0197.json +++ b/2012/0xxx/CVE-2012-0197.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0197", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0197", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0227.json b/2012/0xxx/CVE-2012-0227.json index 039771b625f..8ea85318c8c 100644 --- a/2012/0xxx/CVE-2012-0227.json +++ b/2012/0xxx/CVE-2012-0227.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dsecrg.com/pages/vul/show.php?id=406", - "refsource" : "MISC", - "url" : "http://dsecrg.com/pages/vul/show.php?id=406" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01A.pdf" - }, - { - "name" : "51601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51601" - }, - { - "name" : "flexgrid-activex-bo(72604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file name argument to the Archive method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01A.pdf" + }, + { + "name": "51601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51601" + }, + { + "name": "flexgrid-activex-bo(72604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72604" + }, + { + "name": "http://dsecrg.com/pages/vul/show.php?id=406", + "refsource": "MISC", + "url": "http://dsecrg.com/pages/vul/show.php?id=406" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0406.json b/2012/0xxx/CVE-2012-0406.json index 7ed9aae9572..5627d6a711f 100644 --- a/2012/0xxx/CVE-2012-0406.json +++ b/2012/0xxx/CVE-2012-0406.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-0406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120418 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522408/30/0/threaded" - }, - { - "name" : "18688", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18688/" - }, - { - "name" : "http://aluigi.altervista.org/adv/dpa_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/dpa_1-adv.txt" - }, - { - "name" : "1026956", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026956" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120418 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522408/30/0/threaded" + }, + { + "name": "18688", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18688/" + }, + { + "name": "1026956", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026956" + }, + { + "name": "http://aluigi.altervista.org/adv/dpa_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/dpa_1-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0780.json b/2012/0xxx/CVE-2012-0780.json index f64cffcec37..b8a874a0dc4 100644 --- a/2012/0xxx/CVE-2012-0780.json +++ b/2012/0xxx/CVE-2012-0780.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-10.html" - }, - { - "name" : "53422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53422" - }, - { - "name" : "1027047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027047" - }, - { - "name" : "illustrator-unspec-code-exec(75445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-10.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-10.html" + }, + { + "name": "53422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53422" + }, + { + "name": "illustrator-unspec-code-exec(75445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75445" + }, + { + "name": "1027047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027047" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1211.json b/2012/1xxx/CVE-2012-1211.json index 1e921f455ca..4b61f0e7145 100644 --- a/2012/1xxx/CVE-2012-1211.json +++ b/2012/1xxx/CVE-2012-1211.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "51982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51982" - }, - { - "name" : "pfile-kommentar-xss(73165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers 
to inject arbitrary web script or HTML via the filecat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pfile-kommentar-xss(73165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73165" + }, + { + "name": "http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "51982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51982" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1256.json b/2012/1xxx/CVE-2012-1256.json index fa687bf7f05..3e186ff74f3 100644 --- a/2012/1xxx/CVE-2012-1256.json +++ b/2012/1xxx/CVE-2012-1256.json 
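Review bot: The new side of this file ends with `\ No newline at end of file`, so the closing `}` is no longer followed by a newline, which the old side had. The same marker closes every other file section in this part of the patch, including CVE-2012-0780 before it. Line-oriented tools and later one-line edits will report a spurious change on the last line. The serializer should write a final `\n` after the closing brace.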
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#273502", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/273502" - }, - { - "name" : "48124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#273502", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/273502" + }, + { + "name": "48124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48124" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1621.json b/2012/1xxx/CVE-2012-1621.json index 7b1d0206387..cb442f6eb28 100644 --- a/2012/1xxx/CVE-2012-1621.json +++ b/2012/1xxx/CVE-2012-1621.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2012/Apr/101" - }, - { - "name" : "20120415 [CVE-2012-1621] Apache OFBiz information\tdisclosure vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Apr/172" - }, - { - "name" : "[ofbiz-dev] 20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/ofbiz-dev/201204.mbox/%3CA126EDA0-06A5-4B67-8CDD-FC5F5AABA147@apache.org%3E" - }, - { - "name" : "[www-announce] 20120415 Apache OFBiz 10.04.02 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201204.mbox/%3C2B984C00-EC65-4455-98D3-55735ABE8AF9@apache.org%3E" - }, - { - "name" : "http://ofbiz.apache.org/download.html#vulnerabilities", - "refsource" : "CONFIRM", - "url" : "http://ofbiz.apache.org/download.html#vulnerabilities" - }, - { - "name" : "53023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53023" - }, - { - "name" : "81346", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/81346" - }, - { - "name" : "81347", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/81347" - }, - { - "name" : "81348", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/81348" - }, - { - "name" : "81349", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/show/osvdb/81349" - }, - { - "name" : "1026927", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026927" - }, - { - "name" : "48800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48800" - }, - { - "name" : "apache-ofbiz-multiple-xss(74870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2012/Apr/101" + }, + { + "name": "[www-announce] 20120415 Apache OFBiz 10.04.02 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201204.mbox/%3C2B984C00-EC65-4455-98D3-55735ABE8AF9@apache.org%3E" + }, + { + "name": "http://ofbiz.apache.org/download.html#vulnerabilities", + "refsource": "CONFIRM", + "url": "http://ofbiz.apache.org/download.html#vulnerabilities" + }, + { + "name": "48800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48800" + }, + { + "name": "81349", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/81349" + }, + { + "name": "81346", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/81346" + }, + { + "name": "81347", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/81347" + }, + { + "name": "20120415 [CVE-2012-1621] Apache OFBiz information\tdisclosure vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Apr/172" + }, + { + "name": "apache-ofbiz-multiple-xss(74870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74870" + }, + { + "name": "53023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53023" + }, + { + "name": "81348", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/81348" + }, + { + "name": "[ofbiz-dev] 20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/ofbiz-dev/201204.mbox/%3CA126EDA0-06A5-4B67-8CDD-FC5F5AABA147@apache.org%3E" + }, + { + "name": "1026927", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1026927" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1832.json b/2012/1xxx/CVE-2012-1832.json index f861d731843..a388d98a5f6 100644 --- a/2012/1xxx/CVE-2012-1832.json +++ b/2012/1xxx/CVE-2012-1832.json 
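Review bot: The FULLDISC reference keeps an escaped tab in its `name`, `"...Apache OFBiz information\tdisclosure vulnerability"`, carried over unchanged from the old side. The BUGTRAQ entry with the same title uses a plain space. A control character in a display string breaks exact-match deduplication against the BUGTRAQ title and renders unpredictably in consumers. The value should be normalised to `"name": "20120415 [CVE-2012-1621] Apache OFBiz information disclosure vulnerability"`.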
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WellinTech KingView 6.53 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted packet to (1) TCP or (2) UDP port 2001." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf" - }, - { - "name" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653", - "refsource" : "CONFIRM", - "url" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WellinTech KingView 6.53 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted packet to (1) TCP or (2) UDP port 2001." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf" + }, + { + "name": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653", + "refsource": "CONFIRM", + "url": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1884.json b/2012/1xxx/CVE-2012-1884.json index f2e8e12a96d..28f55409b5d 100644 --- a/2012/1xxx/CVE-2012-1884.json +++ b/2012/1xxx/CVE-2012-1884.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1884", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-1884", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3093.json b/2012/3xxx/CVE-2012-3093.json index 5842b86960e..957425c4b15 100644 --- a/2012/3xxx/CVE-2012-3093.json +++ b/2012/3xxx/CVE-2012-3093.json 
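Review bot: The rewritten CVE-2012-1884 record uses a different key layout from the other records in this sync. It puts `data_type`, `data_format`, `data_version` ahead of `CVE_data_meta` and `ID` ahead of `ASSIGNER`. The RESERVED record for CVE-2012-3093 and the PUBLIC records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. CVE-2012-4223, the other REJECT record in view, has the same alternate layout, which suggests a second serializer path for rejected entries. Key order carries no meaning in JSON, but emitting every state through one writer with a fixed (for example sorted) key order would keep later diffs limited to real data changes.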
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3093", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3093", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3959.json b/2012/3xxx/CVE-2012-3959.json index 04408be02a0..3654907a643 100644 --- a/2012/3xxx/CVE-2012-3959.json +++ b/2012/3xxx/CVE-2012-3959.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771994", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=771994" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : 
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "DSA-2553", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2553" - }, - { - "name" : "DSA-2556", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2556" - }, - { - "name" : "DSA-2554", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2554" - }, - { - "name" : "RHSA-2012:1211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html" - }, - { - "name" : "RHSA-2012:1210", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "55324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55324" - }, - { - "name" : "oval:org.mitre.oval:def:16805", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 
15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16805", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805" + }, + { + "name": "DSA-2556", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2556" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=771994", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=771994" + }, + { + "name": "RHSA-2012:1211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" + }, + { + "name": "55324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55324" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html" + }, + { + "name": "DSA-2553", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2553" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "RHSA-2012:1210", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "DSA-2554", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2554" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": 
"SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4076.json b/2012/4xxx/CVE-2012-4076.json index 24942f1a40c..9c4ec8daf1c 100644 --- a/2012/4xxx/CVE-2012-4076.json +++ b/2012/4xxx/CVE-2012-4076.json 
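Review bot: The `reference_data` array is reordered with no visible sort key. The new sequence starts OVAL, DEBIAN, CONFIRM, REDHAT, BID and scatters related advisories (DSA-2553/2554/2556, RHSA-2012:1210/1211, the three SUSE notices), where the old side grouped them by `refsource`. No reference is added or dropped in this section, so the reshuffle only makes the real changes harder to spot in review. The other multi-reference sections in view (CVE-2012-0780, -1211, -1621, -4076, -4090, -4418) are shuffled the same way. Writing the array in a deterministic order, for instance by `refsource` then `name`, would make each sync diff show only genuine additions and removals.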
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131004 Cisco NX-OS Software Input Validation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4076" - }, - { - "name" : "62848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62848" - }, - { - "name" : "98126", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98126" - }, - { - "name" : "55205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55205" - }, - { - "name" : "cisco-nxos-cve20124076-command-exec(87678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131004 Cisco NX-OS Software Input Validation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4076" + }, + { + "name": "98126", + "refsource": "OSVDB", + "url": "http://osvdb.org/98126" + }, + { + "name": "cisco-nxos-cve20124076-command-exec(87678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87678" + }, + { + "name": "55205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55205" + }, + { + "name": "62848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62848" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4090.json b/2012/4xxx/CVE-2012-4090.json index 2e55f6bb665..3b1aedf378c 100644 --- a/2012/4xxx/CVE-2012-4090.json +++ b/2012/4xxx/CVE-2012-4090.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131004 Cisco Nexus 7000 Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090" - }, - { - "name" : "62841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62841" - }, - { - "name" : "98123", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98123" - }, - { - "name" : "1029158", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029158" - }, - { - "name" : "55206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55206" - }, - { - "name" : "cisco-nxos-cve20124090-info-disc(87670)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/87670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-nxos-cve20124090-info-disc(87670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87670" + }, + { + "name": "62841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62841" + }, + { + "name": "98123", + "refsource": "OSVDB", + "url": "http://osvdb.org/98123" + }, + { + "name": "1029158", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029158" + }, + { + "name": "20131004 Cisco Nexus 7000 Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4090" + }, + { + "name": "55206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55206" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4223.json b/2012/4xxx/CVE-2012-4223.json index 88fbf76d863..ee48bac3ed1 100644 --- a/2012/4xxx/CVE-2012-4223.json +++ b/2012/4xxx/CVE-2012-4223.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4223", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4223", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4338.json b/2012/4xxx/CVE-2012-4338.json index 418d5e6d61b..8a9819106f4 100644 --- a/2012/4xxx/CVE-2012-4338.json +++ b/2012/4xxx/CVE-2012-4338.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4418.json b/2012/4xxx/CVE-2012-4418.json index 028958d7aa5..b8342be6d23 100644 --- a/2012/4xxx/CVE-2012-4418.json +++ b/2012/4xxx/CVE-2012-4418.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Axis2 allows remote attackers to forge messages and bypass authentication via an \"XML Signature wrapping attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/12/1" - }, - { - "name" : "[oss-security] 20120912 Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/13/1" - }, - { - "name" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", - "refsource" : "MISC", - "url" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=856755", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=856755" - }, - { - "name" : "55508", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via an \"XML Signature wrapping attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120912 Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/13/1" + }, + { + "name": "[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/12/1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=856755", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856755" + }, + { + "name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", + "refsource": "MISC", + "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" + }, + { + "name": "55508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55508" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5867.json b/2012/5xxx/CVE-2012-5867.json index 362942736d4..19885bea2dc 100644 --- a/2012/5xxx/CVE-2012-5867.json +++ b/2012/5xxx/CVE-2012-5867.json 
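Review bot: The `"ASSIGNER"` value changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, a data change inside a commit whose message only says the data was synchronized; the rest of the hunk is spacing and reference order. The same happens in CVE-2017-1002017.json, where `cve-assign@distributedweaknessfiling.org` becomes `larry0@me.com`, which looks like an individual's mailbox rather than a CNA role address (inferred from the address alone). Consumers that attribute or filter records by ASSIGNER will silently regroup both entries. If the changes are intended, they belong in the commit message or in a commit separate from the reformatting; if not, the lines should stay `"ASSIGNER": "cve@mitre.org",` and `"ASSIGNER": "cve-assign@distributedweaknessfiling.org",`.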
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5867", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5867", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1002xxx/CVE-2017-1002017.json b/2017/1002xxx/CVE-2017-1002017.json index 8b1d27481fc..94159d15fb0 100644 --- a/2017/1002xxx/CVE-2017-1002017.json +++ b/2017/1002xxx/CVE-2017-1002017.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-15", - "ID" : "CVE-2017-1002017", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "gift-certificate-creator", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Bob Cares" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stored XSS" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2017-05-15", + "ID": "CVE-2017-1002017", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "gift-certificate-creator", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.0" + } + ] + } + } + ] + }, + "vendor_name": "Bob Cares" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=191", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=191" - }, - { - "name" : "https://wordpress.org/plugins/gift-certificate-creator/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/gift-certificate-creator/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=191", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=191" + }, + { + "name": "https://wordpress.org/plugins/gift-certificate-creator/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/gift-certificate-creator/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2555.json b/2017/2xxx/CVE-2017-2555.json index b9c045e5fdd..f711c4a4a99 100644 --- a/2017/2xxx/CVE-2017-2555.json +++ b/2017/2xxx/CVE-2017-2555.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/3xxx/CVE-2017-3099.json b/2017/3xxx/CVE-2017-3099.json index f5401ca886d..a0d3fd39aeb 100644 --- a/2017/3xxx/CVE-2017-3099.json +++ b/2017/3xxx/CVE-2017-3099.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 26.0.0.131 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 26.0.0.131 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 26.0.0.131 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 26.0.0.131 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1731", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1731" - }, - { - "name" : "99520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99520" - }, - { - "name" : "1038845", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99520" + }, + { + "name": "1038845", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038845" + }, + { + "name": "RHSA-2017:1731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1731" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3673.json b/2017/3xxx/CVE-2017-3673.json index 9d23983808d..63da1806016 100644 --- a/2017/3xxx/CVE-2017-3673.json +++ b/2017/3xxx/CVE-2017-3673.json 
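Review bot: The `reference_data` array is reordered here with no entry added, removed or altered (the BID and SECTRACK entries move to the front, the Adobe bulletin and GLSA move down), and the same shuffle appears in the hunks for CVE-2012-4418, CVE-2017-3857, CVE-2017-6519, CVE-2017-6835 and CVE-2017-7529. Array order is significant in JSON, so downstream diffing and change detection will flag these records as modified even though the reference set is identical. The export step should emit references in a stable order, for example sorted by `refsource` and then `name`, so that a later sync shows only real additions or removals.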
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3857.json b/2017/3xxx/CVE-2017-3857.json index 982678ba754..a65c6a67b58 100644 --- a/2017/3xxx/CVE-2017-3857.json +++ b/2017/3xxx/CVE-2017-3857.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399 Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp" - }, - { - "name" : "97010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97010" - }, - { - "name" : "1038100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. 
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399 Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038100" + }, + { + "name": "97010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97010" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6519.json b/2017/6xxx/CVE-2017-6519.json index 97efc693e53..ca2779faea7 100644 --- a/2017/6xxx/CVE-2017-6519.json +++ b/2017/6xxx/CVE-2017-6519.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1426712", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1426712" - }, - { - "name" : "https://www.secfu.net/advisories", - "refsource" : "MISC", - "url" : "https://www.secfu.net/advisories" - }, - { - "name" : "https://github.com/lathiat/avahi/issues/203", - "refsource" : "MISC", - "url" : "https://github.com/lathiat/avahi/issues/203" - }, - { - "name" : "https://github.com/lathiat/avahi/issues/203#issuecomment-449536790", - "refsource" : "MISC", - "url" 
: "https://github.com/lathiat/avahi/issues/203#issuecomment-449536790" - }, - { - "name" : "USN-3876-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3876-2/" - }, - { - "name" : "USN-3876-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3876-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lathiat/avahi/issues/203#issuecomment-449536790", + "refsource": "MISC", + "url": "https://github.com/lathiat/avahi/issues/203#issuecomment-449536790" + }, + { + "name": "USN-3876-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3876-1/" + }, + { + "name": "https://github.com/lathiat/avahi/issues/203", + "refsource": "MISC", + "url": "https://github.com/lathiat/avahi/issues/203" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1426712", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1426712" + }, + { + "name": "USN-3876-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3876-2/" + }, + { + "name": "https://www.secfu.net/advisories", + "refsource": "MISC", + "url": "https://www.secfu.net/advisories" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6835.json b/2017/6xxx/CVE-2017-6835.json index e184f098951..2bbf7e51031 100644 
--- a/2017/6xxx/CVE-2017-6835.json +++ b/2017/6xxx/CVE-2017-6835.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/13/7" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/" - }, - { - "name" : "https://github.com/mpruett/audiofile/issues/39", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/39" - }, - { - "name" : "https://github.com/mpruett/audiofile/pull/42", - "refsource" : "MISC", - "url" : 
"https://github.com/mpruett/audiofile/pull/42" - }, - { - "name" : "DSA-3814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mpruett/audiofile/pull/42", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/pull/42" + }, + { + "name": "DSA-3814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3814" + }, + { + "name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/13/7" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/" + }, + { + "name": "https://github.com/mpruett/audiofile/issues/39", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/39" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7188.json b/2017/7xxx/CVE-2017-7188.json index f5054bbcdcd..e4f827415e3 100644 --- a/2017/7xxx/CVE-2017-7188.json +++ b/2017/7xxx/CVE-2017-7188.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitbucket.org/zurmo/zurmo/issues/426/to-report-a-xss-security-vulnerability-in", - "refsource" : "MISC", - "url" : "https://bitbucket.org/zurmo/zurmo/issues/426/to-report-a-xss-security-vulnerability-in" - }, - { - "name" : "https://github.com/faizzaidi/Zurmo-Stable-3.1.1-XSS-By-Provensec-LLC", - "refsource" : "MISC", - "url" : "https://github.com/faizzaidi/Zurmo-Stable-3.1.1-XSS-By-Provensec-LLC" - }, - { - "name" : "97681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a 
base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bitbucket.org/zurmo/zurmo/issues/426/to-report-a-xss-security-vulnerability-in", + "refsource": "MISC", + "url": "https://bitbucket.org/zurmo/zurmo/issues/426/to-report-a-xss-security-vulnerability-in" + }, + { + "name": "https://github.com/faizzaidi/Zurmo-Stable-3.1.1-XSS-By-Provensec-LLC", + "refsource": "MISC", + "url": "https://github.com/faizzaidi/Zurmo-Stable-3.1.1-XSS-By-Provensec-LLC" + }, + { + "name": "97681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97681" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7529.json b/2017/7xxx/CVE-2017-7529.json index e0dad0825ae..b0f26c26e1e 100644 --- a/2017/7xxx/CVE-2017-7529.json +++ b/2017/7xxx/CVE-2017-7529.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-7529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nginx", - "version" : { - "version_data" : [ - { - "version_value" : "0.5.6 - 1.13.2" - } - ] - } - } - ] - }, - "vendor_name" : "nginx" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-190" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-7529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nginx", + "version": { + "version_data": [ + { + "version_value": "0.5.6 - 1.13.2" + } + ] + } + } + ] + }, + "vendor_name": "nginx" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", - "refsource" : "MLIST", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" - }, - { - "name" : "https://puppet.com/security/cve/cve-2017-7529", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2017-7529" - }, - { - "name" : "RHSA-2017:2538", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2538" - }, - { - "name" : "99534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99534" - }, - { - "name" : 
"1039238", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)", + "refsource": "MLIST", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" + }, + { + "name": "RHSA-2017:2538", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2538" + }, + { + "name": "99534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99534" + }, + { + "name": "1039238", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039238" + }, + { + "name": "https://puppet.com/security/cve/cve-2017-7529", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2017-7529" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7771.json b/2017/7xxx/CVE-2017-7771.json index 195975d482b..ed9a4dd71d8 100644 --- a/2017/7xxx/CVE-2017-7771.json +++ b/2017/7xxx/CVE-2017-7771.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7771", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7771", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7979.json b/2017/7xxx/CVE-2017-7979.json index f3a5fea0be6..d3c877232d5 100644 --- a/2017/7xxx/CVE-2017-7979.json +++ b/2017/7xxx/CVE-2017-7979.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via \"tc filter add\" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://marc.info/?l=linux-netdev&m=149200742616349", - "refsource" : "MISC", - "url" : "http://marc.info/?l=linux-netdev&m=149200742616349" - }, - { - "name" : "http://marc.info/?l=linux-netdev&m=149200746116365", - "refsource" : "MISC", - "url" : "http://marc.info/?l=linux-netdev&m=149200746116365" - }, - { - "name" : "http://marc.info/?l=linux-netdev&m=149200746116366", - "refsource" : "MISC", - "url" : "http://marc.info/?l=linux-netdev&m=149200746116366" - }, 
- { - "name" : "http://marc.info/?l=linux-netdev&m=149251041420194", - "refsource" : "MISC", - "url" : "http://marc.info/?l=linux-netdev&m=149251041420194" - }, - { - "name" : "http://marc.info/?l=linux-netdev&m=149251041420195", - "refsource" : "MISC", - "url" : "http://marc.info/?l=linux-netdev&m=149251041420195" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368" - }, - { - "name" : "https://bugzilla.proxmox.com/show_bug.cgi?id=1351", - "refsource" : "MISC", - "url" : "https://bugzilla.proxmox.com/show_bug.cgi?id=1351" - }, - { - "name" : "97969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via \"tc filter add\" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://marc.info/?l=linux-netdev&m=149251041420195", + "refsource": "MISC", + "url": "http://marc.info/?l=linux-netdev&m=149251041420195" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1682368" + }, + { + "name": "https://bugzilla.proxmox.com/show_bug.cgi?id=1351", + "refsource": "MISC", + "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=1351" + }, + { + "name": "http://marc.info/?l=linux-netdev&m=149200742616349", + "refsource": "MISC", + "url": "http://marc.info/?l=linux-netdev&m=149200742616349" + }, + { + "name": "http://marc.info/?l=linux-netdev&m=149200746116365", + "refsource": "MISC", + "url": "http://marc.info/?l=linux-netdev&m=149200746116365" + }, + { + "name": "http://marc.info/?l=linux-netdev&m=149251041420194", + "refsource": "MISC", + "url": "http://marc.info/?l=linux-netdev&m=149251041420194" + }, + { + "name": "http://marc.info/?l=linux-netdev&m=149200746116366", + "refsource": "MISC", + "url": "http://marc.info/?l=linux-netdev&m=149200746116366" + }, + { + "name": "97969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97969" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10712.json b/2018/10xxx/CVE-2018-10712.json index cccc390db63..4264209e904 100644 --- a/2018/10xxx/CVE-2018-10712.json +++ b/2018/10xxx/CVE-2018-10712.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45716", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45716/" - }, - { - "name" : "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before 
v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities", + "refsource": "MISC", + "url": "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities" + }, + { + "name": "45716", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45716/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10818.json b/2018/10xxx/CVE-2018-10818.json index a53cf60914b..1c2b6b4b430 100644 --- a/2018/10xxx/CVE-2018-10818.json +++ b/2018/10xxx/CVE-2018-10818.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10818", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10818", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14478.json b/2018/14xxx/CVE-2018-14478.json index ff395c7816b..3d56dc5073f 100644 --- a/2018/14xxx/CVE-2018-14478.json +++ b/2018/14xxx/CVE-2018-14478.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14478", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14478", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14636.json b/2018/14xxx/CVE-2018-14636.json index 2558b0483b3..707c98bd8b3 100644 --- a/2018/14xxx/CVE-2018-14636.json +++ b/2018/14xxx/CVE-2018-14636.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-14636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "openstack-neutron", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0.0b2" - }, - { - "version_value" : "12.0.3" - }, - { - "version_value" : "11.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "The Openstack Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-300" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openstack-neutron", + "version": { + "version_data": [ + { + "version_value": "13.0.0.0b2" + }, + { + "version_value": "12.0.3" + }, + { + "version_value": "11.0.5" + } + ] + } + } + ] + }, + "vendor_name": "The Openstack Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/neutron/+bug/1734320", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/neutron/+bug/1734320" - }, - { - "name" : "https://bugs.launchpad.net/neutron/+bug/1767422", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/neutron/+bug/1767422" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. 
When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/neutron/+bug/1767422", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/neutron/+bug/1767422" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14636" + }, + { + "name": "https://bugs.launchpad.net/neutron/+bug/1734320", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/neutron/+bug/1734320" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17551.json b/2018/17xxx/CVE-2018-17551.json index 31e6716a029..09000469cc0 100644 --- a/2018/17xxx/CVE-2018-17551.json +++ b/2018/17xxx/CVE-2018-17551.json 
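Review bot: The `vectorString` under `impact.cvss` on the new side of the CVE-2018-14636 hunk still reads `5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N`, which is not a well-formed CVSS v3.0 vector because a vector must begin with the `CVSS:3.0/` label; a strict parser will reject it or misread the first metric. This sync already touches the record's content (it changes `ASSIGNER` to `secalert@redhat.com`), so the score could be split out in the same pass: `"baseScore": 5.3,` and `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",`. The `cvss` value is also an array nested inside another array, which looks unintended and forces consumers to unwrap twice. Separately, `version_data` lists 13.0.0.0b2, 12.0.3 and 11.0.5 as bare `version_value` entries while the description says versions before these are vulnerable, so tooling that matches on `version_value` would presumably flag only the fixed releases; this is worth confirming with the assigner.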
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17551", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17551", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17605.json b/2018/17xxx/CVE-2018-17605.json index 644b466d198..32f11e96969 100644 --- a/2018/17xxx/CVE-2018-17605.json +++ b/2018/17xxx/CVE-2018-17605.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017", - "refsource" : "MISC", - "url" : "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017" - }, - { - "name" : "https://github.com/grails/grails-core/issues/11068", - "refsource" : "MISC", - "url" : "https://github.com/grails/grails-core/issues/11068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was 
discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017", + "refsource": "MISC", + "url": "https://github.com/bertramdev/asset-pipeline/commit/a29533c52e4b60e244082433e116d2a038d01017" + }, + { + "name": "https://github.com/grails/grails-core/issues/11068", + "refsource": "MISC", + "url": "https://github.com/grails/grails-core/issues/11068" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17643.json b/2018/17xxx/CVE-2018-17643.json index 700c33e2dc2..e791793b5f2 100644 --- a/2018/17xxx/CVE-2018-17643.json +++ b/2018/17xxx/CVE-2018-17643.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the editValue property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6480." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1229/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1229/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the editValue property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6480." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1229/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1229/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20456.json b/2018/20xxx/CVE-2018-20456.json index 059e993b1b5..cfb53a59576 100644 --- a/2018/20xxx/CVE-2018-20456.json +++ b/2018/20xxx/CVE-2018-20456.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185" - }, - { - "name" : "https://github.com/radare/radare2/issues/12372", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/12372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of 
service (application crash in libr/util/strbuf.c via a stack-based buffer over-read) by crafting an input file, a related issue to CVE-2018-20455." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/commit/9b46d38dd3c4de6048a488b655c7319f845af185" + }, + { + "name": "https://github.com/radare/radare2/issues/12372", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/12372" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20474.json b/2018/20xxx/CVE-2018-20474.json index abc378f7305..b107b306ae5 100644 --- a/2018/20xxx/CVE-2018-20474.json +++ b/2018/20xxx/CVE-2018-20474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20474", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20474", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/20xxx/CVE-2018-20540.json b/2018/20xxx/CVE-2018-20540.json
index 2b2c3be5c87..8ba9a8fc3fd 100644
--- a/2018/20xxx/CVE-2018-20540.json
+++ b/2018/20xxx/CVE-2018-20540.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652612", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652612", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652612" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/9xxx/CVE-2018-9068.json b/2018/9xxx/CVE-2018-9068.json
index bfc50c310bc..3cdf8e67044 100644
--- a/2018/9xxx/CVE-2018-9068.json
+++ b/2018/9xxx/CVE-2018-9068.json
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2018-07-26T00:00:00", - "ID" : "CVE-2018-9068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "System x IMM2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware versions earlier than 4.90" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - }, - { - "product" : { - "product_data" : [ - { - "product_name" : "System x IMM2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware versions earlier than 6.80" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2018-07-26T00:00:00", + "ID": "CVE-2018-9068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "System x IMM2", + "version": { + "version_data": [ + { + "version_value": "firmware versions earlier than 4.90" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + }, + { + "product": { + "product_data": [ + { + "product_name": "System x IMM2", + "version": { + "version_data": [ + { + "version_value": "firmware versions earlier than 6.80" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-20227", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-20227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-20227", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-20227" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9302.json b/2018/9xxx/CVE-2018-9302.json index 4f0ced50ad8..fdacddd2aa8 100644 --- a/2018/9xxx/CVE-2018-9302.json +++ b/2018/9xxx/CVE-2018-9302.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44567", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44567/" - }, - { - "name" : "20180501 SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 (CVE-2018-9302)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in Cockpit 0.4.4 through 0.5.5 allows 
remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14611, which was about version 0.13.0, which (surprisingly) is an earlier version than 0.4.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180501 SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 (CVE-2018-9302)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/10" + }, + { + "name": "44567", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44567/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9604.json b/2018/9xxx/CVE-2018-9604.json index 3aeab090683..100b9659cee 100644 --- a/2018/9xxx/CVE-2018-9604.json +++ b/2018/9xxx/CVE-2018-9604.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9604", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9604", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9679.json b/2018/9xxx/CVE-2018-9679.json index 1ba09cc5dd3..c50052734be 100644 --- a/2018/9xxx/CVE-2018-9679.json +++ b/2018/9xxx/CVE-2018-9679.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9679", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9679", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9860.json b/2018/9xxx/CVE-2018-9860.json index cb5041a8a45..c469e83f4d9 100644 --- a/2018/9xxx/CVE-2018-9860.json +++ b/2018/9xxx/CVE-2018-9860.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://botan.randombit.net/security.html", - "refsource" : "MISC", - "url" : "https://botan.randombit.net/security.html" - }, - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7434", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Botan 
1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7434", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7434" + }, + { + "name": "https://botan.randombit.net/security.html", + "refsource": "MISC", + "url": "https://botan.randombit.net/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9938.json b/2018/9xxx/CVE-2018-9938.json index 68d55b81369..2016bb2e475 100644 --- a/2018/9xxx/CVE-2018-9938.json +++ b/2018/9xxx/CVE-2018-9938.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-704-Incorrect Type Conversion or Cast" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-322", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-322" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-322", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-322" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file