diff --git a/2003/0xxx/CVE-2003-0112.json b/2003/0xxx/CVE-2003-0112.json index a519e93a9e1..ceb55f99ea5 100644 --- a/2003/0xxx/CVE-2003-0112.json +++ b/2003/0xxx/CVE-2003-0112.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-013", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-013" - }, - { - "name" : "VU#446338", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/446338" - }, - { - "name" : "oval:org.mitre.oval:def:1264", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1264" - }, - { - "name" : "oval:org.mitre.oval:def:142", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A142" - }, - { - "name" : "oval:org.mitre.oval:def:262", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A262" - }, - { - "name" : "oval:org.mitre.oval:def:779", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A779" - }, - { - "name" : "win-kernel-lpcrequestwaitreplyport-bo(11803)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11803" - }, - { - "name" : "7370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7370" - }, - { - "name" : "oval:org.mitre.oval:def:2022", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2022" - }, - { - "name" : "oval:org.mitre.oval:def:2265", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2265" - }, - { - "name" : "oval:org.mitre.oval:def:3145", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:779", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A779" + }, + { + "name": "7370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7370" + }, + { + "name": "oval:org.mitre.oval:def:2265", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2265" + }, + { + "name": "oval:org.mitre.oval:def:262", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A262" + }, + { + "name": "oval:org.mitre.oval:def:142", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A142" + }, + { + "name": "MS03-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-013" + }, + { + "name": "win-kernel-lpcrequestwaitreplyport-bo(11803)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11803" + }, + { + "name": "oval:org.mitre.oval:def:1264", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1264" + }, + { + "name": "oval:org.mitre.oval:def:2022", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2022" + }, + { + "name": "VU#446338", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/446338" + }, + { + "name": "oval:org.mitre.oval:def:3145", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3145" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0121.json b/2003/0xxx/CVE-2003-0121.json index 9772469739e..b029cfac9f6 100644 --- a/2003/0xxx/CVE-2003-0121.json +++ b/2003/0xxx/CVE-2003-0121.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104716030503607&w=2" - }, - { - "name" : "20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316311" - }, - { - "name" : "7044", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104716030503607&w=2" + }, + { + "name": "20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316311" + }, + { + "name": "7044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7044" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0842.json b/2003/0xxx/CVE-2003-0842.json index 27ec39cac7e..32c7699c6e3 100644 --- a/2003/0xxx/CVE-2003-0842.json +++ b/2003/0xxx/CVE-2003-0842.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an \"Accept-Encoding: gzip\" header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030601 Mod_gzip Debug Mode Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an \"Accept-Encoding: gzip\" header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030601 Mod_gzip Debug Mode Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105457180009860&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1147.json b/2003/1xxx/CVE-2003-1147.json index 25cf6970684..cab6cb10495 100644 --- a/2003/1xxx/CVE-2003-1147.json +++ b/2003/1xxx/CVE-2003-1147.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1147", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0955. Reason: This candidate is a duplicate of CVE-2003-0955. Notes: All CVE users should reference CVE-2003-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-1147", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0955. Reason: This candidate is a duplicate of CVE-2003-0955. Notes: All CVE users should reference CVE-2003-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1312.json b/2003/1xxx/CVE-2003-1312.json index 0ed05ce0840..6d724e9aabe 100644 --- a/2003/1xxx/CVE-2003-1312.json +++ b/2003/1xxx/CVE-2003-1312.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[curl-users] 20030529 Re: https, redirection and authentication using POST", - "refsource" : "MLIST", - "url" : "http://curl.haxx.se/mail/archive-2003-05/0172.html" - }, - { - "name" : "30741", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[curl-users] 20030529 Re: https, redirection and authentication using POST", + "refsource": "MLIST", + "url": "http://curl.haxx.se/mail/archive-2003-05/0172.html" + }, + { + "name": "30741", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30741" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1532.json b/2003/1xxx/CVE-2003-1532.json index 6ef7e38fab2..d7752fa7d5e 100644 --- a/2003/1xxx/CVE-2003-1532.json +++ b/2003/1xxx/CVE-2003-1532.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030203 phpMyShop (php)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/309921/30/26090/threaded" - }, - { - "name" : "6746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6746" - }, - { - "name" : "1006030", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006030" - }, - { - "name" : "7990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7990" - }, - { - "name" : "3348", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3348", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3348" + }, + { + "name": "6746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6746" + }, + { + "name": "20030203 phpMyShop (php)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/309921/30/26090/threaded" + }, + { + "name": "7990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7990" + }, + { + "name": "1006030", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006030" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0055.json b/2004/0xxx/CVE-2004-0055.json index da9ae75e5cf..9e730ecb9e6 100644 --- a/2004/0xxx/CVE-2004-0055.json +++ b/2004/0xxx/CVE-2004-0055.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2" - }, - { - "name" : "[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1", - "refsource" : "MLIST", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html" - }, - { - "name" : "APPLE-SA-2004-02-23", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" - }, - { - "name" : "CSSA-2004-008.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt" - }, - { - "name" : "CLSA-2003:832", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000832" - }, - { - "name" : "FLSA:1222", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html" - }, - { - "name" : "FEDORA-2004-090", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html" - }, - { - "name" : "FEDORA-2004-092", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html" - }, - { - "name" : "RHSA-2004:008", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-008.html" - }, - { - "name" : "DSA-425", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-425" - }, - { - "name" : "MDKSA-2004:008", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008" - }, - { - "name" : "SCOSA-2004.9", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt" - }, - { - "name" : "20040103-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc" - }, - { - "name" : "20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107577418225627&w=2" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "2004-0004", - "refsource" : "TRUSTIX", - "url" : "http://lwn.net/Alerts/66445/" - }, - { - "name" : "VU#955526", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/955526" - }, - { - "name" : "7090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7090" - }, - { - "name" : "oval:org.mitre.oval:def:850", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A850" - }, - { - "name" : "oval:org.mitre.oval:def:853", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A853" - }, - { - "name" : "oval:org.mitre.oval:def:9989", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9989" - }, - { - "name" : "1008735", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008735" - }, - { - "name" : "10636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10636" - }, - { - "name" : "10639", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10639" - }, - { - "name" : "10644", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10644" - }, - { - "name" : "10652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10652" - }, - { - "name" : "10718", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10718" - }, - { - "name" : "11022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11022" - }, - { - "name" : "11032", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11032/" - }, - { - "name" : "12179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12179/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:850", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A850" + }, + { + "name": "CLSA-2003:832", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000832" + }, + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "FEDORA-2004-090", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html" + }, + { + "name": "10718", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10718" + }, + { + "name": "SCOSA-2004.9", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt" + }, + { + "name": "RHSA-2004:008", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-008.html" + }, + { + "name": "FLSA:1222", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html" + }, + { + "name": "1008735", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008735" + }, + { + "name": "7090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7090" + }, + { + "name": "11032", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11032/" + }, + { + "name": "CSSA-2004-008.0", + "refsource": "CALDERA", + "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt" + }, + { + "name": "[tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1", + "refsource": "MLIST", + "url": "http://marc.info/?l=tcpdump-workers&m=107325073018070&w=2" + }, + { + "name": "[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1", + "refsource": "MLIST", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html" + }, + { + "name": "VU#955526", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/955526" + }, + { + "name": "11022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11022" + }, + { + "name": "10636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10636" + }, + { + "name": "20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107577418225627&w=2" + }, + { + "name": "oval:org.mitre.oval:def:9989", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9989" + }, + { + "name": "12179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12179/" + }, + { + "name": "10644", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10644" + }, + { + "name": "MDKSA-2004:008", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008" + }, + { + "name": "20040103-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc" + }, + { + "name": "DSA-425", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-425" + }, + { + "name": "10652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10652" + }, + { + "name": "oval:org.mitre.oval:def:853", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A853" + }, + { + "name": "APPLE-SA-2004-02-23", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" + }, + { + "name": "10639", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10639" + }, + { + "name": "FEDORA-2004-092", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html" + }, + { + "name": "2004-0004", + "refsource": "TRUSTIX", + "url": "http://lwn.net/Alerts/66445/" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0296.json b/2004/0xxx/CVE-2004-0296.json index 5fef9762b8c..1f437ab2f84 100644 --- a/2004/0xxx/CVE-2004-0296.json +++ b/2004/0xxx/CVE-2004-0296.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a TsFtpSrv.exe to exit with an exception by opening and immediately closing a connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040217 Broker FTP DoS (Message Server)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107705346817241&w=2" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html" - }, - { - "name" : "broker-ftp-dos(15241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15241" - }, - { - "name" : "9680", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a TsFtpSrv.exe to exit with an exception by opening and immediately closing a connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040217 Broker FTP DoS (Message Server)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107705346817241&w=2" + }, + { + "name": "9680", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9680" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5IP0B0AC1I.html" + }, + { + "name": "broker-ftp-dos(15241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15241" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0377.json b/2004/0xxx/CVE-2004-0377.json index 40cfd2925de..571bac13cdd 100644 --- a/2004/0xxx/CVE-2004-0377.json +++ b/2004/0xxx/CVE-2004-0377.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040405 [Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108118694327979&w=2" - }, - { - "name" : "20040405 iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html" - }, - { - "name" : "http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities" - }, - { - "name" : "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552", - "refsource" : "CONFIRM", - "url" : "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552" - }, - { - "name" : "VU#722414", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/722414" - }, - { - "name" : "perl-win32stat-bo(15732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "perl-win32stat-bo(15732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15732" + }, + { + "name": "20040405 [Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108118694327979&w=2" + }, + { + "name": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552", + "refsource": "CONFIRM", + "url": "http://public.activestate.com/cgi-bin/perlbrowse?patch=22552" + }, + { + "name": "VU#722414", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/722414" + }, + { + "name": "http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities", + "refsource": "MISC", + "url": "http://www.idefense.com/application/poi/display?id=93&type=vulnerabilities" + }, + { + "name": "20040405 iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0548.json b/2004/0xxx/CVE-2004-0548.json index 8dcfb8def17..004d08f65f7 100644 --- a/2004/0xxx/CVE-2004-0548.json +++ b/2004/0xxx/CVE-2004-0548.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) \"c\" compress option or (2) \"d\" decompress option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040608 Aspell 'word-list-compress' stack overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108675120224531&w=2" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" - }, - { - "name" : "GLSA-200406-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200406-14.xml" - }, - { - "name" : "10497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) \"c\" compress option or (2) \"d\" decompress option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10497" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" + }, + { + "name": "GLSA-200406-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-14.xml" + }, + { + "name": "20040608 Aspell 'word-list-compress' stack overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108675120224531&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2372.json b/2004/2xxx/CVE-2004-2372.json index 4e47f34935f..fec613907ed 100644 --- a/2004/2xxx/CVE-2004-2372.json +++ b/2004/2xxx/CVE-2004-2372.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=215733", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=215733" - }, - { - "name" : "1009219", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009219" - }, - { - "name" : "bochs-home-bo(15309)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bochs-home-bo(15309)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15309" + }, + { + "name": "1009219", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009219" + }, + { + "name": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5XP0L1FC0M.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=215733", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=215733" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2382.json b/2004/2xxx/CVE-2004-2382.json index 9dd4ec81709..8136563573c 100644 --- a/2004/2xxx/CVE-2004-2382.json +++ b/2004/2xxx/CVE-2004-2382.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as \"?\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040226 PerfectNav Crashes IE", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017830.html" - }, - { - "name" : "http://securetarget.net/advisory.htm", - "refsource" : "MISC", - "url" : "http://securetarget.net/advisory.htm" - }, - { - "name" : "9753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9753" - }, - { - "name" : "1009218", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009218" - }, - { - "name" : "ie-perfect-nav-dos(15326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as \"?\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-perfect-nav-dos(15326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15326" + }, + { + "name": "http://securetarget.net/advisory.htm", + "refsource": "MISC", + "url": "http://securetarget.net/advisory.htm" + }, + { + "name": "9753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9753" + }, + { + "name": "20040226 PerfectNav Crashes IE", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017830.html" + }, + { + "name": "1009218", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009218" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2701.json b/2004/2xxx/CVE-2004-2701.json index 075ab65cdbf..66324ebcc25 100644 --- a/2004/2xxx/CVE-2004-2701.json +++ b/2004/2xxx/CVE-2004-2701.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0129.html" - }, - { - "name" : "20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0229.html" - }, - { - "name" : "10507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10507" - }, - { - "name" : "11839", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11839" - }, - { - "name" : "aspdotnetstorefront-signin-xss(16426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspdotnetstorefront-signin-xss(16426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16426" + }, + { + "name": "20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0129.html" + }, + { + "name": "10507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10507" + }, + { + "name": "11839", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11839" + }, + { + "name": "20040609 [FULL DISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0229.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2264.json b/2008/2xxx/CVE-2008-2264.json index 26ce147ca12..b301b19ff72 100644 --- a/2008/2xxx/CVE-2008-2264.json +++ b/2008/2xxx/CVE-2008-2264.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29153" - }, - { - "name" : "cyrixmed-index-xss(42353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29153" + }, + { + "name": "cyrixmed-index-xss(42353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42353" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2642.json b/2008/2xxx/CVE-2008-2642.json index e6fe2f50307..278698255fa 100644 --- a/2008/2xxx/CVE-2008-2642.json +++ b/2008/2xxx/CVE-2008-2642.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080601 OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492914/100/0/threaded" - }, - { - "name" : "30504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30504" - }, - { - "name" : "3932", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3932" - }, - { - "name" : "otomigenx-login-sql-injection(42795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42795" - }, - { - "name" : "otomigenx-index-sql-injection(42817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30504" + }, + { + "name": "otomigenx-login-sql-injection(42795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42795" + }, + { + "name": "3932", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3932" + }, + { + "name": "20080601 OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492914/100/0/threaded" + }, + { + "name": "otomigenx-index-sql-injection(42817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42817" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2969.json b/2008/2xxx/CVE-2008-2969.json index 2010350b9b6..f1bb9042ef4 100644 --- a/2008/2xxx/CVE-2008-2969.json +++ b/2008/2xxx/CVE-2008-2969.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493472/100/0/threaded" - }, - { - "name" : "http://www.bugreport.ir/?/44", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/?/44" - }, - { - "name" : "29813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29813" - }, - { - "name" : "3959", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3959" - }, - { - "name" : "academicwebtools-download-dir-traversal(43175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080619 Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493472/100/0/threaded" + }, + { + "name": "academicwebtools-download-dir-traversal(43175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43175" + }, + { + "name": "http://www.bugreport.ir/?/44", + "refsource": "MISC", + "url": "http://www.bugreport.ir/?/44" + }, + { + "name": "3959", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3959" + }, + { + "name": "29813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29813" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2987.json b/2008/2xxx/CVE-2008-2987.json index ed30026c9a5..439141fa62e 100644 --- a/2008/2xxx/CVE-2008-2987.json +++ b/2008/2xxx/CVE-2008-2987.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080622 Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493568/100/0/threaded" - }, - { - "name" : "29884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29884" - }, - { - "name" : "30834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30834" - }, - { - "name" : "3958", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3958" - }, - { - "name" : "benja-multiple-xss(43284)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080622 Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493568/100/0/threaded" + }, + { + "name": "3958", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3958" + }, + { + "name": "30834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30834" + }, + { + "name": "benja-multiple-xss(43284)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43284" + }, + { + "name": "29884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29884" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6073.json b/2008/6xxx/CVE-2008-6073.json index 3cb36a3ff2b..6815fec4193 100644 --- a/2008/6xxx/CVE-2008-6073.json +++ b/2008/6xxx/CVE-2008-6073.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "30471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30471" - }, - { - "name" : "storagecrypt-unspecified-weak-security(42905)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30471" + }, + { + "name": "storagecrypt-unspecified-weak-security(42905)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42905" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0099.json b/2012/0xxx/CVE-2012-0099.json index 76154140038..21e4b842bcd 100644 --- a/2012/0xxx/CVE-2012-0099.json +++ b/2012/0xxx/CVE-2012-0099.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "78425", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78425" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "sun-solarisunsp-dos(72506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "78425", + "refsource": "OSVDB", + "url": "http://osvdb.org/78425" + }, + { + "name": "sun-solarisunsp-dos(72506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72506" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1054.json b/2012/1xxx/CVE-2012-1054.json index e15db60cd6b..f4b03b59311 100644 --- a/2012/1xxx/CVE-2012-1054.json +++ b/2012/1xxx/CVE-2012-1054.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.puppetlabs.com/issues/12460", - "refsource" : "MISC", - "url" : "http://projects.puppetlabs.com/issues/12460" - }, - { - "name" : "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14", - "refsource" : "CONFIRM", - "url" : "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14" - }, - { - "name" : "http://puppetlabs.com/security/cve/cve-2012-1054/", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2012-1054/" - }, - { - "name" : "DSA-2419", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2419" - }, - { - "name" : "SUSE-SU-2012:0325", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0835", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15087408" - }, - { - "name" : "USN-1372-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1372-1" - }, - { - "name" : "52158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52158" - }, - { - "name" : "79496", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79496" - }, - { - "name" : "48157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48157" - }, - { - "name" : "48161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48161" - }, - { - "name" : "48166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48166" - }, - { - "name" : "48290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48290" - }, - { - "name" : "puppet-k5login-type-symlink(73446)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73446" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48157" + }, + { + "name": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14", + "refsource": "CONFIRM", + "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14" + }, + { + "name": "48166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48166" + }, + { + "name": "http://projects.puppetlabs.com/issues/12460", + "refsource": "MISC", + "url": "http://projects.puppetlabs.com/issues/12460" + }, + { + "name": "79496", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79496" + }, + { + "name": "http://puppetlabs.com/security/cve/cve-2012-1054/", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2012-1054/" + }, + { + "name": "USN-1372-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1372-1" + }, + { + "name": "48290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48290" + }, + { + "name": "48161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48161" + }, + { + "name": "SUSE-SU-2012:0325", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html" + }, + { + "name": "52158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52158" + }, + { + "name": "DSA-2419", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2419" + }, + { + "name": "puppet-k5login-type-symlink(73446)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73446" + }, + { + "name": "openSUSE-SU-2012:0835", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15087408" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1270.json b/2012/1xxx/CVE-2012-1270.json index 11a9adde8ee..d75080a98df 100644 --- a/2012/1xxx/CVE-2012-1270.json +++ b/2012/1xxx/CVE-2012-1270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1348.json b/2012/1xxx/CVE-2012-1348.json index f88ec4c4280..ca31bde47e6 100644 --- a/2012/1xxx/CVE-2012-1348.json +++ b/2012/1xxx/CVE-2012-1348.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1521.json b/2012/1xxx/CVE-2012-1521.json index 7200c00c2e1..ef0762a626f 100644 --- a/2012/1xxx/CVE-2012-1521.json +++ b/2012/1xxx/CVE-2012-1521.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=117110", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=117110" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201205-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201205-01.xml" - }, - { - "name" : "53309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53309" - }, - { - "name" : "81644", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81644" - }, - { - "name" : "oval:org.mitre.oval:def:15397", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15397" - }, - { - "name" : "1027001", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027001" - }, - { - "name" : "48992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48992" - }, - { - "name" : "chrome-xml-parser-code-exec(75270)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html" + }, + { + "name": "48992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48992" + }, + { + "name": "1027001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027001" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "chrome-xml-parser-code-exec(75270)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75270" + }, + { + "name": "81644", + "refsource": "OSVDB", + "url": "http://osvdb.org/81644" + }, + { + "name": "GLSA-201205-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201205-01.xml" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=117110", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=117110" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:15397", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15397" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "53309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53309" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1622.json b/2012/1xxx/CVE-2012-1622.json index 1f578efe10c..140268cabf1 100644 --- a/2012/1xxx/CVE-2012-1622.json +++ b/2012/1xxx/CVE-2012-1622.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ofbiz-user] 20120415 [CVE-2012-1622] Apache OFBiz information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/ofbiz-user/201204.mbox/%3C4F378887-E697-44E7-976C-48B9B7475C4D@apache.org%3E" - }, - { - "name" : "http://ofbiz.apache.org/download.html#security", - "refsource" : "CONFIRM", - "url" : "http://ofbiz.apache.org/download.html#security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ofbiz.apache.org/download.html#security", + "refsource": "CONFIRM", + "url": "http://ofbiz.apache.org/download.html#security" + }, + { + "name": "[ofbiz-user] 20120415 [CVE-2012-1622] Apache OFBiz information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/ofbiz-user/201204.mbox/%3C4F378887-E697-44E7-976C-48B9B7475C4D@apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5083.json b/2012/5xxx/CVE-2012-5083.json index 168834e958e..f5bd829b8e2 100644 --- a/2012/5xxx/CVE-2012-5083.json +++ b/2012/5xxx/CVE-2012-5083.json @@ -1,242 +1,242 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625794", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625794" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "HPSBUX02832", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "SSRT101042", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "HPSBOV02833", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "SSRT101043", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1392", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" - }, - { - "name" : "RHSA-2012:1465", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2012:1490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" - }, - { - "name" : "SUSE-SU-2012:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" - }, - { - "name" : "56025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56025" - }, - { - "name" : "oval:org.mitre.oval:def:16544", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16544" - }, - { - "name" : "51141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51141" - }, - { - "name" : "51313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51313" - }, - { - "name" : "51315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51315" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51328" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "51393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51393" - }, - { - "name" : "51438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51438" - }, - { - "name" : "javaruntimeenvironment-2d-cve20125083(79412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51313" + }, + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "oval:org.mitre.oval:def:16544", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16544" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" + }, + { + "name": "56025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56025" + }, + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "51315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51315" + }, + { + "name": "51438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51438" + }, + { + "name": "51141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51141" + }, + { + "name": "SSRT101043", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "SUSE-SU-2012:1490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "javaruntimeenvironment-2d-cve20125083(79412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79412" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" + }, + { + "name": "HPSBOV02833", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1392", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" + }, + { + "name": "SUSE-SU-2012:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" + }, + { + "name": "SUSE-SU-2012:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "RHSA-2012:1465", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html" + }, + { + "name": "51328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51328" + }, + { + "name": "SSRT101042", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "51393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51393" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625794", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625794" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "HPSBUX02832", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5251.json b/2012/5xxx/CVE-2012-5251.json index e4b61d55173..35ae2b99791 100644 --- a/2012/5xxx/CVE-2012-5251.json +++ b/2012/5xxx/CVE-2012-5251.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" - }, - { - "name" : "openSUSE-SU-2013:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" - }, - { - "name" : "86028", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86028" - }, - { - "name" : "adobe-cve20125251-bo(79072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" + }, + { + "name": "86028", + "refsource": "OSVDB", + "url": "http://osvdb.org/86028" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html" + }, + { + "name": "adobe-cve20125251-bo(79072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79072" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5720.json b/2012/5xxx/CVE-2012-5720.json index acd3e04ad59..06f7c7e3121 100644 --- a/2012/5xxx/CVE-2012-5720.json +++ b/2012/5xxx/CVE-2012-5720.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5779.json b/2012/5xxx/CVE-2012-5779.json index 4bd9a6b985d..36cc7ad9844 100644 --- a/2012/5xxx/CVE-2012-5779.json +++ b/2012/5xxx/CVE-2012-5779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11823.json b/2017/11xxx/CVE-2017-11823.json index e9375617a35..bbd200e4188 100644 --- a/2017/11xxx/CVE-2017-11823.json +++ b/2017/11xxx/CVE-2017-11823.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Device Guard", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka \"Microsoft Windows Security Feature Bypass\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Device Guard", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42997", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42997/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823" - }, - { - "name" : "101102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101102" - }, - { - "name" : "1039526", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka \"Microsoft Windows Security Feature Bypass\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039526" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11823" + }, + { + "name": "42997", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42997/" + }, + { + "name": "101102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101102" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3259.json b/2017/3xxx/CVE-2017-3259.json index ea3b2d7004a..68420dae7a1 100644 --- a/2017/3xxx/CVE-2017-3259.json +++ b/2017/3xxx/CVE-2017-3259.json @@ -1,128 +1,128 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java SE", - "version" : { - "version_data" : [ - { - "version_value" : "6u131" - }, - { - "version_value" : "7u121" - }, - { - "version_value" : "8u112" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java SE", + "version": { + "version_data": [ + { + "version_value": "6u131" + }, + { + "version_value": "7u121" + }, + { + "version_value": "8u112" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170119-0001/" - }, - { - "name" : "GLSA-201701-65", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-65" - }, - { - "name" : "RHSA-2017:0175", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0175.html" - }, - { - "name" : "RHSA-2017:0176", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0176.html" - }, - { - "name" : "RHSA-2017:0177", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0177.html" - }, - { - "name" : "RHSA-2017:0263", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0263.html" - }, - { - "name" : "RHSA-2017:0336", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0336.html" - }, - { - "name" : "RHSA-2017:0337", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0337.html" - }, - { - "name" : "RHSA-2017:0338", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0338.html" - }, - { - "name" : "RHSA-2017:1216", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "name" : "95570", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95570" - }, - { - "name" : "1037637", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0338", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" + }, + { + "name": "RHSA-2017:0176", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html" + }, + { + "name": "95570", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95570" + }, + { + "name": "GLSA-201701-65", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-65" + }, + { + "name": "1037637", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037637" + }, + { + "name": "RHSA-2017:0175", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html" + }, + { + "name": "RHSA-2017:0177", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html" + }, + { + "name": "RHSA-2017:0263", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html" + }, + { + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "RHSA-2017:0337", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" + }, + { + "name": "RHSA-2017:0336", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3802.json b/2017/3xxx/CVE-2017-3802.json index be6f079cea3..47810ff919f 100644 --- a/2017/3xxx/CVE-2017-3802.json +++ b/2017/3xxx/CVE-2017-3802.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager 12.0(0.99000.9)", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager 12.0(0.99000.9)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager 12.0(0.99000.9)", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager 12.0(0.99000.9)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1" - }, - { - "name" : "95636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95636" - }, - { - "name" : "1037655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037655" + }, + { + "name": "95636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95636" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3995.json b/2017/3xxx/CVE-2017-3995.json index 852343ff689..b282da4841c 100644 --- a/2017/3xxx/CVE-2017-3995.json +++ b/2017/3xxx/CVE-2017-3995.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3995", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3995", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7468.json b/2017/7xxx/CVE-2017-7468.json index 445e45297d0..57f6b9522da 100644 --- a/2017/7xxx/CVE-2017-7468.json +++ b/2017/7xxx/CVE-2017-7468.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-7468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "curl", - "version" : { - "version_data" : [ - { - "version_value" : "curl 7.54.0" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "curl", + "version": { + "version_data": [ + { + "version_value": "curl 7.54.0" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468" - }, - { - "name" : "https://curl.haxx.se/docs/adv_20170419.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_20170419.html" - }, - { - "name" : "GLSA-201709-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-14" - }, - { - "name" : "97962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97962" - }, - { - "name" : "1038341", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7468" + }, + { + "name": "GLSA-201709-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-14" + }, + { + "name": "1038341", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038341" + }, + { + "name": "https://curl.haxx.se/docs/adv_20170419.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_20170419.html" + }, + { + "name": "97962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97962" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7522.json b/2017/7xxx/CVE-2017-7522.json index 04da2deb07f..182febbff74 100644 --- a/2017/7xxx/CVE-2017-7522.json +++ b/2017/7xxx/CVE-2017-7522.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenVPN", - "version" : { - "version_data" : [ - { - "version_value" : "before 2.4.3" - }, - { - "version_value" : "before 2.3.17" - } - ] - } - } - ] - }, - "vendor_name" : "OpenVPN Technologies, Inc" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenVPN", + "version": { + "version_data": [ + { + "version_value": "before 2.4.3" + }, + { + "version_value": "before 2.3.17" + } + ] + } + } + ] + }, + "vendor_name": "OpenVPN Technologies, Inc" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243", - "refsource" : "CONFIRM", - "url" : "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243" - }, - { - "name" : "99230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99230" - }, - { - "name" : "1038768", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243", + "refsource": "CONFIRM", + "url": "https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243" + }, + { + "name": "1038768", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038768" + }, + { + "name": "99230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99230" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8687.json b/2017/8xxx/CVE-2017-8687.json index c81cc45afee..258b88fafa1 100644 --- a/2017/8xxx/CVE-2017-8687.json +++ b/2017/8xxx/CVE-2017-8687.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows kernel", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42749", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42749/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687" - }, - { - "name" : "100736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100736" - }, - { - "name" : "1039325", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8687" + }, + { + "name": "100736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100736" + }, + { + "name": "42749", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42749/" + }, + { + "name": "1039325", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039325" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8689.json b/2017/8xxx/CVE-2017-8689.json index 639e7ca5d32..358818d3265 100644 --- a/2017/8xxx/CVE-2017-8689.json +++ b/2017/8xxx/CVE-2017-8689.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-8689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kernel Mode Driver", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-8689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kernel Mode Driver", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689" - }, - { - "name" : "101128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101128" - }, - { - "name" : "1039526", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039526" + }, + { + "name": "101128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101128" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8689" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8705.json b/2017/8xxx/CVE-2017-8705.json index 134fec5a144..fca7bf08968 100644 --- a/2017/8xxx/CVE-2017-8705.json +++ b/2017/8xxx/CVE-2017-8705.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8705", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8705", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10046.json b/2018/10xxx/CVE-2018-10046.json index 8074bcdb23c..3e984a15979 100644 --- a/2018/10xxx/CVE-2018-10046.json +++ b/2018/10xxx/CVE-2018-10046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10240.json b/2018/10xxx/CVE-2018-10240.json index 037fff4528f..032b57d6466 100644 --- a/2018/10xxx/CVE-2018-10240.json +++ b/2018/10xxx/CVE-2018-10240.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/05/solarwinds-serv-u-managed-file-transfer-insufficient-session-id-entropy/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/05/solarwinds-serv-u-managed-file-transfer-insufficient-session-id-entropy/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/05/solarwinds-serv-u-managed-file-transfer-insufficient-session-id-entropy/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/05/solarwinds-serv-u-managed-file-transfer-insufficient-session-id-entropy/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10386.json b/2018/10xxx/CVE-2018-10386.json index c1f2a752352..34cd9bb95db 100644 --- a/2018/10xxx/CVE-2018-10386.json +++ b/2018/10xxx/CVE-2018-10386.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10386", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10386", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10803.json b/2018/10xxx/CVE-2018-10803.json index 9e458b4ac3d..c59c3018282 100644 --- a/2018/10xxx/CVE-2018-10803.json +++ b/2018/10xxx/CVE-2018-10803.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/products/netflow/readme.html#123125", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/netflow/readme.html#123125" - }, - { - "name" : "104251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104251" + }, + { + "name": "https://www.manageengine.com/products/netflow/readme.html#123125", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/netflow/readme.html#123125" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13135.json b/2018/13xxx/CVE-2018-13135.json index 5c76ca8cc31..f272d84c830 100644 --- a/2018/13xxx/CVE-2018-13135.json +++ b/2018/13xxx/CVE-2018-13135.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13135", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13135", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13169.json b/2018/13xxx/CVE-2018-13169.json index 882a3d7ea97..c6d4cd77421 100644 --- a/2018/13xxx/CVE-2018-13169.json +++ b/2018/13xxx/CVE-2018-13169.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethereum_Cash_Pro_Coin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethereum_Cash_Pro_Coin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Ethereum Cash Pro (ECP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethereum_Cash_Pro_Coin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ethereum_Cash_Pro_Coin" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13377.json b/2018/13xxx/CVE-2018-13377.json index ae4064eb075..57f0622371a 100644 --- a/2018/13xxx/CVE-2018-13377.json +++ b/2018/13xxx/CVE-2018-13377.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13377", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13377", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13388.json b/2018/13xxx/CVE-2018-13388.json index 6e55e40966a..0dfd69226fe 100644 --- a/2018/13xxx/CVE-2018-13388.json +++ b/2018/13xxx/CVE-2018-13388.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-07-09T00:00:00", - "ID" : "CVE-2018-13388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fisheye and Crucible", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "4.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-07-09T00:00:00", + "ID": "CVE-2018-13388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fisheye and Crucible", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "4.5.3" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CRUC-8209", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CRUC-8209" - }, - { - "name" : "https://jira.atlassian.com/browse/FE-7059", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/FE-7059" - }, - { - "name" : "104717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in attached files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CRUC-8209", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CRUC-8209" + }, + { + "name": "https://jira.atlassian.com/browse/FE-7059", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/FE-7059" + }, + { + "name": "104717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104717" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13670.json b/2018/13xxx/CVE-2018-13670.json index b9b187bef9c..784c8737192 100644 --- a/2018/13xxx/CVE-2018-13670.json +++ b/2018/13xxx/CVE-2018-13670.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFCB", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFCB" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for GFCB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFCB", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFCB" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17001.json b/2018/17xxx/CVE-2018-17001.json index d315803bdeb..347d26f2148 100644 --- a/2018/17xxx/CVE-2018-17001.json +++ b/2018/17xxx/CVE-2018-17001.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/149441/RICOH-SP-4510SF-Printer-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149441/RICOH-SP-4510SF-Printer-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149441/RICOH-SP-4510SF-Printer-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149441/RICOH-SP-4510SF-Printer-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17206.json b/2018/17xxx/CVE-2018-17206.json index 10fc03649c1..fae2c2d72db 100644 --- a/2018/17xxx/CVE-2018-17206.json +++ b/2018/17xxx/CVE-2018-17206.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8", - "refsource" : "MISC", - "url" : "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8" - }, - { - "name" : "RHSA-2018:3500", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3500" - }, - { - "name" : "RHSA-2019:0053", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0053" - }, - { - "name" : "RHSA-2019:0081", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0081" - }, - { - "name" : "USN-3873-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3873-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0053", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0053" + }, + { + "name": "USN-3873-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3873-1/" + }, + { + "name": "RHSA-2018:3500", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3500" + }, + { + "name": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8", + "refsource": "MISC", + "url": "https://github.com/openvswitch/ovs/commit/9237a63c47bd314b807cda0bd2216264e82edbe8" + }, + { + "name": "RHSA-2019:0081", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0081" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17259.json b/2018/17xxx/CVE-2018-17259.json index 8b3bbc3881d..4a9e027539b 100644 --- a/2018/17xxx/CVE-2018-17259.json +++ b/2018/17xxx/CVE-2018-17259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17259", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17259", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17976.json b/2018/17xxx/CVE-2018-17976.json index 07310b2da03..e81d8a0f9bb 100644 --- a/2018/17xxx/CVE-2018-17976.json +++ b/2018/17xxx/CVE-2018-17976.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51581", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/51581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via Epic change descriptions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51581", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51581" + }, + { + "name": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/10/05/critical-security-release-11-3-4/" + } + ] + } +} \ No newline at end of file