From bc57b8e78fdf7225b83c78eecba05e27e57ed9a3 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 00:56:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0283.json | 120 ++++++------
2002/0xxx/CVE-2002-0834.json | 120 ++++++------
2002/1xxx/CVE-2002-1030.json | 160 ++++++++--------
2002/1xxx/CVE-2002-1085.json | 140 +++++++-------
2002/1xxx/CVE-2002-1387.json | 120 ++++++------
2002/1xxx/CVE-2002-1471.json | 140 +++++++-------
2002/1xxx/CVE-2002-1842.json | 160 ++++++++--------
2003/0xxx/CVE-2003-0094.json | 140 +++++++-------
2003/0xxx/CVE-2003-0101.json | 280 +++++++++++++--------------
2003/0xxx/CVE-2003-0613.json | 120 ++++++------
2003/0xxx/CVE-2003-0848.json | 340 ++++++++++++++++-----------------
2003/1xxx/CVE-2003-1008.json | 130 ++++++-------
2012/0xxx/CVE-2012-0089.json | 130 ++++++-------
2012/0xxx/CVE-2012-0454.json | 220 ++++++++++-----------
2012/0xxx/CVE-2012-0552.json | 150 +++++++--------
2012/0xxx/CVE-2012-0559.json | 160 ++++++++--------
2012/0xxx/CVE-2012-0834.json | 170 ++++++++---------
2012/1xxx/CVE-2012-1167.json | 250 ++++++++++++------------
2012/1xxx/CVE-2012-1202.json | 34 ++--
2012/1xxx/CVE-2012-1284.json | 34 ++--
2012/1xxx/CVE-2012-1837.json | 140 +++++++-------
2012/3xxx/CVE-2012-3745.json | 140 +++++++-------
2012/4xxx/CVE-2012-4052.json | 140 +++++++-------
2012/4xxx/CVE-2012-4189.json | 140 +++++++-------
2012/4xxx/CVE-2012-4288.json | 240 +++++++++++------------
2012/4xxx/CVE-2012-4487.json | 150 +++++++--------
2012/4xxx/CVE-2012-4581.json | 120 ++++++------
2012/5xxx/CVE-2012-5646.json | 170 ++++++++---------
2012/5xxx/CVE-2012-5827.json | 170 ++++++++---------
2017/2xxx/CVE-2017-2005.json | 34 ++--
2017/2xxx/CVE-2017-2248.json | 130 ++++++-------
2017/2xxx/CVE-2017-2385.json | 140 +++++++-------
2017/2xxx/CVE-2017-2519.json | 180 ++++++++---------
2017/2xxx/CVE-2017-2648.json | 160 ++++++++--------
2017/3xxx/CVE-2017-3107.json | 142 +++++++-------
2017/3xxx/CVE-2017-3372.json | 176 ++++++++---------
2017/3xxx/CVE-2017-3591.json | 166 ++++++++--------
2017/6xxx/CVE-2017-6122.json | 34 ++--
2017/6xxx/CVE-2017-6380.json | 34 ++--
2017/6xxx/CVE-2017-6418.json | 160 ++++++++--------
2017/7xxx/CVE-2017-7164.json | 130 ++++++-------
2017/7xxx/CVE-2017-7526.json | 250 ++++++++++++------------
2017/7xxx/CVE-2017-7644.json | 120 ++++++------
2017/7xxx/CVE-2017-7738.json | 144 +++++++-------
2017/7xxx/CVE-2017-7757.json | 256 ++++++++++++-------------
2017/7xxx/CVE-2017-7800.json | 266 +++++++++++++-------------
2017/7xxx/CVE-2017-7964.json | 120 ++++++------
2018/10xxx/CVE-2018-10115.json | 150 +++++++--------
2018/10xxx/CVE-2018-10221.json | 120 ++++++------
2018/14xxx/CVE-2018-14339.json | 170 ++++++++---------
2018/14xxx/CVE-2018-14414.json | 34 ++--
2018/14xxx/CVE-2018-14848.json | 34 ++--
2018/17xxx/CVE-2018-17967.json | 120 ++++++------
2018/20xxx/CVE-2018-20026.json | 132 ++++++-------
2018/20xxx/CVE-2018-20145.json | 140 +++++++-------
2018/20xxx/CVE-2018-20592.json | 140 +++++++-------
2018/20xxx/CVE-2018-20660.json | 34 ++--
2018/9xxx/CVE-2018-9024.json | 132 ++++++-------
2018/9xxx/CVE-2018-9420.json | 34 ++--
2018/9xxx/CVE-2018-9687.json | 34 ++--
60 files changed, 4222 insertions(+), 4222 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0283.json b/2002/0xxx/CVE-2002-0283.json
index c648e79822d..f64ebbf5fc2 100644
--- a/2002/0xxx/CVE-2002-0283.json
+++ b/2002/0xxx/CVE-2002-0283.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020215 Windows XP Remote DOS attacks with SYN Flag. Make CPU 100%", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101408718030099&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020215 Windows XP Remote DOS attacks with SYN Flag. 
Make CPU 100%", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101408718030099&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0834.json b/2002/0xxx/CVE-2002-0834.json index 75fd3282684..b4039168cbc 100644 --- a/2002/0xxx/CVE-2002-0834.json +++ b/2002/0xxx/CVE-2002-0834.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00006.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00006.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1030.json b/2002/1xxx/CVE-2002-1030.json index 36c00a0a6ac..a422de12012 100644 --- a/2002/1xxx/CVE-2002-1030.json +++ b/2002/1xxx/CVE-2002-1030.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html" - }, - { - "name" : "20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/281046" - }, - { - "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm", - "refsource" : "CONFIRM", - "url" : 
"http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm" - }, - { - "name" : "5159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5159" - }, - { - "name" : "weblogic-race-condition-dos(9486)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9486.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html" + }, + { + "name": "5159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5159" + }, + { + "name": "weblogic-race-condition-dos(9486)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9486.php" + }, + { + "name": "20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/281046" + }, + { + "name": "http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm", + "refsource": "CONFIRM", + "url": 
"http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1085.json b/2002/1xxx/CVE-2002-1085.json index bf7aa8670ef..35a5e79ea73 100644 --- a/2002/1xxx/CVE-2002-1085.json +++ b/2002/1xxx/CVE-2002-1085.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020725 [VulnWatch] ezContents multiple vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" - }, - { - "name" : "20020725 ezContents multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284229" - }, - { - "name" : "ezcontents-diary-entry-xss(9712)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9712.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script 
and steal cookies via the diary and other capabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020725 ezContents multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284229" + }, + { + "name": "20020725 [VulnWatch] ezContents multiple vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" + }, + { + "name": "ezcontents-diary-entry-xss(9712)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9712.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1387.json b/2002/1xxx/CVE-2002-1387.json index ecce1db593e..52e5af5d4c5 100644 --- a/2002/1xxx/CVE-2002-1387.json +++ b/2002/1xxx/CVE-2002-1387.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021128 TracerouteNG - never ending story", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103849968732634&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The spray mode in traceroute-nanog (aka traceroute-ng) may allow local users to overwrite arbitrary memory locations via an array index overflow using the nprobes (number of probes) argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021128 TracerouteNG - never ending story", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103849968732634&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1471.json b/2002/1xxx/CVE-2002-1471.json index 0e631524a21..7af03f0694d 100644 --- a/2002/1xxx/CVE-2002-1471.json +++ b/2002/1xxx/CVE-2002-1471.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021003 SSL certificate validation problems in Ximian Evolution", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html" - }, - { - "name" : "evolution-camel-certificate-mitm(10292)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10292.php" - }, - { - "name" : "5875", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The camel component for Ximian Evolution 1.0.x and earlier does 
not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "evolution-camel-certificate-mitm(10292)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10292.php" + }, + { + "name": "20021003 SSL certificate validation problems in Ximian Evolution", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html" + }, + { + "name": "5875", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5875" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1842.json b/2002/1xxx/CVE-2002-1842.json index bed37092df5..2c064597031 100644 --- a/2002/1xxx/CVE-2002-1842.json +++ b/2002/1xxx/CVE-2002-1842.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021018 SCAN Associates Advisory: madhater perlbot 1.0 beta - Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/296073" - }, - { - "name" : "5998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5998" - }, - { - "name" : "5999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5999" - }, - { - "name" : "perlbot-email-command-execution(10402)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10402.php" - }, - { - "name" : "perlbot-shell-command-execution(10401)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10401.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Perlbot 1.0 beta allows remote attackers to execute arbitrary commands via shell metacharacters in (1) a word that is being spell checked or (2) an e-mail address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021018 SCAN Associates Advisory: madhater perlbot 1.0 beta - Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/296073" + }, + { + "name": "perlbot-email-command-execution(10402)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10402.php" + }, + { + "name": "5999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5999" + }, + { + "name": "perlbot-shell-command-execution(10401)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10401.php" + }, + { + "name": "5998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5998" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0094.json b/2003/0xxx/CVE-2003-0094.json index 3b73900e410..c0fe0d08b65 100644 --- a/2003/0xxx/CVE-2003-0094.json +++ b/2003/0xxx/CVE-2003-0094.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2003:016", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016" - }, - { - "name" : "6855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6855" - }, - { - "name" : "utillinux-mcookie-cookie-predictable(11318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom 
instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2003:016", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016" + }, + { + "name": "utillinux-mcookie-cookie-predictable(11318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318" + }, + { + "name": "6855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6855" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0101.json b/2003/0xxx/CVE-2003-0101.json index ffc0d303967..1a423d5a95d 100644 --- a/2003/0xxx/CVE-2003-0101.json +++ b/2003/0xxx/CVE-2003-0101.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104610300325629&w=2" - }, - { - "name" : "http://www.lac.co.jp/security/english/snsadv_e/62_e.html", - "refsource" : "MISC", - "url" : "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" - }, - { - "name" : "20030224 GLSA: usermin (200302-14)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104610336226274&w=2" - }, - { - "name" : "20030224 Webmin 1.050 - 1.060 remote exploit", - "refsource" : "BUGTRAQ", - "url" : 
"http://marc.info/?l=bugtraq&m=104610245624895&w=2" - }, - { - "name" : "http://marc.info/?l=webmin-announce&m=104587858408101&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=webmin-announce&m=104587858408101&w=2" - }, - { - "name" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html", - "refsource" : "CONFIRM", - "url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" - }, - { - "name" : "DSA-319", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-319" - }, - { - "name" : "ESA-20030225-006", - "refsource" : "ENGARDE", - "url" : "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" - }, - { - "name" : "HPSBUX0303-250", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" - }, - { - "name" : "MDKSA-2003:025", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" - }, - { - "name" : "20030602-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" - }, - { - "name" : "N-058", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-058.shtml" - }, - { - "name" : "6915", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6915" - }, - { - "name" : "1006160", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006160" - }, - { - "name" : "8115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8115" - }, - { - "name" : "8163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8163" - }, - { - "name" : "webmin-usermin-root-access(11390)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11390.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "miniserv.pl in (1) Webmin before 1.070 and (2) 
Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-319", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-319" + }, + { + "name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html", + "refsource": "CONFIRM", + "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" + }, + { + "name": "20030224 GLSA: usermin (200302-14)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104610336226274&w=2" + }, + { + "name": "N-058", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" + }, + { + "name": "8163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8163" + }, + { + "name": "MDKSA-2003:025", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" + }, + { + "name": "HPSBUX0303-250", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" + }, + { + "name": "8115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8115" + }, + { + "name": "1006160", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006160" + }, + { + "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104610300325629&w=2" + }, + { + "name": "ESA-20030225-006", + "refsource": "ENGARDE", + "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" + }, + { + "name": "http://marc.info/?l=webmin-announce&m=104587858408101&w=2", + "refsource": 
"CONFIRM", + "url": "http://marc.info/?l=webmin-announce&m=104587858408101&w=2" + }, + { + "name": "20030224 Webmin 1.050 - 1.060 remote exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104610245624895&w=2" + }, + { + "name": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html", + "refsource": "MISC", + "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" + }, + { + "name": "20030602-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" + }, + { + "name": "webmin-usermin-root-access(11390)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11390.php" + }, + { + "name": "6915", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6915" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0613.json b/2003/0xxx/CVE-2003-0613.json index 83cadb8d44b..9e98bd7a8a6 100644 --- a/2003/0xxx/CVE-2003-0613.json +++ b/2003/0xxx/CVE-2003-0613.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0613",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0613",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "DSA-369",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2003/dsa-369"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-369",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2003/dsa-369"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0848.json b/2003/0xxx/CVE-2003-0848.json
index 252c88000b6..20bc866c378 100644
--- a/2003/0xxx/CVE-2003-0848.json
+++ b/2003/0xxx/CVE-2003-0848.json
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative \"pathlen\" value to be used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031006 SA-20031006 slocate vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106546447321274&w=2" - }, - { - "name" : "20031011 SA-20031006 slocate buffer overflow - exploitation proof", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106589631819348&w=2" - }, - { - "name" : "http://www.ebitech.sk/patrik/SA/SA-20031006.txt", - "refsource" : "MISC", - "url" : "http://www.ebitech.sk/patrik/SA/SA-20031006.txt" - }, - { - "name" : "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt", - "refsource" : "MISC", - "url" : "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt" - }, - { - "name" : "FEDORA-2004-059", - "refsource" : "FEDORA", - "url" : 
"http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html" - }, - { - "name" : "RHSA-2004:040", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2004-040.html" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "2004-0005", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt" - }, - { - "name" : "DSA-428", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-428" - }, - { - "name" : "RHSA-2004:041", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-041.html" - }, - { - "name" : "MDKSA-2004:004", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:004" - }, - { - "name" : "20040201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" - }, - { - "name" : "CSSA-2004-001.0", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt" - }, - { - "name" : "oval:org.mitre.oval:def:821", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821" - }, - { - "name" : "oval:org.mitre.oval:def:11033", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033" - }, - { - "name" : "10670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10670" - }, - { - "name" : "10683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10683" - }, - { - "name" : "10686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10686" - }, - { - "name" : "10698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10698" - }, - { - "name" : "10702", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10702" - }, - { - "name" : "10720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10720" - }, - { - "name" : "10722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10722" - }, - { - "name" : "9962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9962/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative \"pathlen\" value to be used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2004-001.0", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt" + }, + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "RHSA-2004:040", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2004-040.html" + }, + { + "name": "20040201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" + }, + { + "name": "RHSA-2004:041", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-041.html" + }, + { + "name": "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt", + "refsource": "MISC", + "url": "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt" + }, + { + "name": "10720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10720" + }, + { + "name": "10686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10686" + }, 
+ { + "name": "10722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10722" + }, + { + "name": "MDKSA-2004:004", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:004" + }, + { + "name": "10702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10702" + }, + { + "name": "http://www.ebitech.sk/patrik/SA/SA-20031006.txt", + "refsource": "MISC", + "url": "http://www.ebitech.sk/patrik/SA/SA-20031006.txt" + }, + { + "name": "DSA-428", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-428" + }, + { + "name": "20031011 SA-20031006 slocate buffer overflow - exploitation proof", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106589631819348&w=2" + }, + { + "name": "10683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10683" + }, + { + "name": "9962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9962/" + }, + { + "name": "FEDORA-2004-059", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html" + }, + { + "name": "oval:org.mitre.oval:def:11033", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033" + }, + { + "name": "10670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10670" + }, + { + "name": "20031006 SA-20031006 slocate vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106546447321274&w=2" + }, + { + "name": "10698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10698" + }, + { + "name": "2004-0005", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt" + }, + { + "name": "oval:org.mitre.oval:def:821", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821" + } + ] + } +} \ No 
newline at end of file diff --git a/2003/1xxx/CVE-2003-1008.json b/2003/1xxx/CVE-2003-1008.json index c47ff4e00d8..c6b0d914bfd 100644 --- a/2003/1xxx/CVE-2003-1008.json +++ b/2003/1xxx/CVE-2003-1008.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1008",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1008",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://docs.info.apple.com/article.html?artnum=61798",
- "refsource" : "CONFIRM",
- "url" : "http://docs.info.apple.com/article.html?artnum=61798"
- },
- {
- "name" : "macos-screen-saver-bypass(14195)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14195"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "macos-screen-saver-bypass(14195)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14195"
+ },
+ {
+ "name": "http://docs.info.apple.com/article.html?artnum=61798",
+ "refsource": "CONFIRM",
+ "url": "http://docs.info.apple.com/article.html?artnum=61798"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0089.json b/2012/0xxx/CVE-2012-0089.json
index 2c1399df111..525cd13f0c8 100644
--- a/2012/0xxx/CVE-2012-0089.json
+++ b/2012/0xxx/CVE-2012-0089.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "peoplesoft-enterhcm-info-disc(72485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to 
ePerformance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "peoplesoft-enterhcm-info-disc(72485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72485" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0454.json b/2012/0xxx/CVE-2012-0454.json index 080b1caae16..022b8f37126 100644 --- a/2012/0xxx/CVE-2012-0454.json +++ b/2012/0xxx/CVE-2012-0454.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-12.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=684555", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=684555" - }, - { - "name" : "MDVSA-2012:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" - }, - { - "name" : "SUSE-SU-2012:0424", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" - }, - { - "name" : "oval:org.mitre.oval:def:14258", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14258" - }, - { - "name" : "1026804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026804" - }, - { - "name" : "1026801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026801" - }, - { - "name" : "1026803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026803" - }, - { - "name" : "48629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48629" - }, - { - "name" : "48561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48561" - }, - { - "name" : "48402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48402" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48402" + }, + { + "name": "SUSE-SU-2012:0424", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" + }, + { + "name": "oval:org.mitre.oval:def:14258", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14258" + }, + { + "name": "48629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48629" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-12.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-12.html" + }, + { + "name": "MDVSA-2012:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" + }, + { + "name": "1026803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026803" + }, + { + "name": "48561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48561" + }, + { + "name": "1026801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026801" + }, 
+ { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=684555", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=684555" + }, + { + "name": "1026804", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026804" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0552.json b/2012/0xxx/CVE-2012-0552.json index 9306ad9bf77..ab218d77f92 100644 --- a/2012/0xxx/CVE-2012-0552.json +++ b/2012/0xxx/CVE-2012-0552.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "SUSE-SU-2012:1020", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00018.html" - }, - { - "name" : "1026929", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1020", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00018.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026929", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026929" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0559.json b/2012/0xxx/CVE-2012-0559.json index 5d6ad519ced..3aa24d54a19 100644 --- a/2012/0xxx/CVE-2012-0559.json +++ b/2012/0xxx/CVE-2012-0559.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Billing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53105" - }, - { - "name" : "1026954", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026954" - }, - { - "name" : "48884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48884" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Billing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48884" + }, + { + "name": "53105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53105" + }, + { + "name": "1026954", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026954" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0834.json b/2012/0xxx/CVE-2012-0834.json index 5905cd8d0d6..233e88682ed 100644 --- a/2012/0xxx/CVE-2012-0834.json +++ b/2012/0xxx/CVE-2012-0834.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120202 CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/02/02/9" - }, - { - "name" : "[oss-security] 20120203 Re: CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/02/03/3" - }, - { - "name" : "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd", - "refsource" : "CONFIRM", - "url" : 
"http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd" - }, - { - "name" : "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546" - }, - { - "name" : "MDVSA-2012:020", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:020" - }, - { - "name" : "47852", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd", + "refsource": "CONFIRM", + "url": "http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd" + }, + { + "name": "47852", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47852" + }, + { + "name": "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546" + }, + { + "name": "[oss-security] 20120203 Re: CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/02/03/3" + }, + { + "name": "[oss-security] 20120202 CVE request: phpldapadmin \"base\" Cross-Site Scripting Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/02/02/9" + }, + { + "name": "MDVSA-2012:020", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:020" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1167.json b/2012/1xxx/CVE-2012-1167.json index 879edb3158f..35e610f828f 100644 --- a/2012/1xxx/CVE-2012-1167.json +++ b/2012/1xxx/CVE-2012-1167.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=802622", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=802622" - }, - { - "name" : "RHSA-2012:1013", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1013.html" - }, - { - "name" : "RHSA-2012:1014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1014.html" - }, - { - "name" : "RHSA-2012:1026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1026.html" - }, - { - "name" : "RHSA-2012:1027", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1027.html" - }, - { - "name" : "RHSA-2012:1028", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1028.html" - }, - { - "name" : "RHSA-2012:1125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1125.html" - }, - { - "name" : "RHSA-2012:1232", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1232.html" - }, - { - "name" : "54089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54089" - }, - { - "name" : "1027501", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1027501" - }, - { - "name" : "49635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49635" - }, - { - "name" : "49658", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49658" - }, - { - "name" : 
"50549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50549" - }, - { - "name" : "jboss-jacc-security-bypass(76680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=802622", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=802622" + }, + { + "name": "RHSA-2012:1028", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1028.html" + }, + { + "name": "49658", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49658" + }, + { + "name": "49635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49635" + }, + { + "name": "RHSA-2012:1027", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1027.html" + }, + { + "name": "RHSA-2012:1013", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1013.html" + }, + { + "name": "jboss-jacc-security-bypass(76680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76680" + }, + { + "name": "RHSA-2012:1026", + "refsource": "REDHAT", + 
"url": "http://rhn.redhat.com/errata/RHSA-2012-1026.html" + }, + { + "name": "50549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50549" + }, + { + "name": "RHSA-2012:1014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1014.html" + }, + { + "name": "54089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54089" + }, + { + "name": "1027501", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1027501" + }, + { + "name": "RHSA-2012:1232", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1232.html" + }, + { + "name": "RHSA-2012:1125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1202.json b/2012/1xxx/CVE-2012-1202.json index a1417746684..8d397a47ee1 100644 --- a/2012/1xxx/CVE-2012-1202.json +++ b/2012/1xxx/CVE-2012-1202.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1284.json b/2012/1xxx/CVE-2012-1284.json index 912f9a55fdd..2f29cc071b1 100644 --- a/2012/1xxx/CVE-2012-1284.json +++ b/2012/1xxx/CVE-2012-1284.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1284", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1284", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1837.json b/2012/1xxx/CVE-2012-1837.json index 6c2c0a9c018..70cb4bdebef 100644 --- a/2012/1xxx/CVE-2012-1837.json +++ b/2012/1xxx/CVE-2012-1837.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21587743", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21587743" - }, - { - "name" : "48352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48352" - }, - { - "name" : "tem-httponly-weak-security(74038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) webreports, (2) 
post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48352" + }, + { + "name": "tem-httponly-weak-security(74038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74038" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21587743", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21587743" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3745.json b/2012/3xxx/CVE-2012-3745.json index 052f500a337..584801be57b 100644 --- a/2012/3xxx/CVE-2012-3745.json +++ b/2012/3xxx/CVE-2012-3745.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "apple-ios-telephony-cve20123745(78722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow 
and connectivity outage) via a crafted user-data header in an SMS message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "apple-ios-telephony-cve20123745(78722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78722" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4052.json b/2012/4xxx/CVE-2012-4052.json index 36ebc716ea3..48af86d9a2e 100644 --- a/2012/4xxx/CVE-2012-4052.json +++ b/2012/4xxx/CVE-2012-4052.json 
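Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `product-security@apple.com`, but that provenance change is buried in a whole-file rewrite that also renormalizes key spacing (`"ASSIGNER" : ` becomes `"ASSIGNER": `) and reorders the `reference_data` entries, so every line of the record shows as modified. The CVE-2012-1167 and CVE-2012-4487 hunks follow the same pattern, with the assigner becoming `secalert@redhat.com`. Anyone auditing record provenance from the diff cannot separate the one semantic change from the formatting noise. Landing the formatting normalization as its own commit and emitting `reference_data` in a stable order (for example sorted by `url`) would keep later syncs reviewable. The new side also ends with `\ No newline at end of file`; writing a trailing newline would avoid a spurious last-line change on the next sync.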
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.jease.org/download/2.9/", - "refsource" : "MISC", - "url" : "http://www.jease.org/download/2.9/" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23104", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23104" - }, - { - "name" : "https://groups.google.com/forum/?fromgroups#!topic/jease/2BHaDww-5ac[1-25]", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/?fromgroups#!topic/jease/2BHaDww-5ac[1-25]" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Jease before 
2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.jease.org/download/2.9/", + "refsource": "MISC", + "url": "http://www.jease.org/download/2.9/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23104", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23104" + }, + { + "name": "https://groups.google.com/forum/?fromgroups#!topic/jease/2BHaDww-5ac[1-25]", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/?fromgroups#!topic/jease/2BHaDww-5ac[1-25]" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4189.json b/2012/4xxx/CVE-2012-4189.json index 6c091903a2e..1c8b0e91089 100644 --- a/2012/4xxx/CVE-2012-4189.json +++ b/2012/4xxx/CVE-2012-4189.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.6.11/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.6.11/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790296", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790296" - }, - { - "name" : "MDVSA-2013:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=790296", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=790296" + }, + { + "name": "MDVSA-2013:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" + }, + { + "name": "http://www.bugzilla.org/security/3.6.11/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.6.11/" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4288.json b/2012/4xxx/CVE-2012-4288.json index 11baf6820c6..246db618d91 100644 --- a/2012/4xxx/CVE-2012-4288.json +++ b/2012/4xxx/CVE-2012-4288.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-15.html" - }, - { - 
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "openSUSE-SU-2012:1035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15789", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15789" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-15.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-15.html" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "oval:org.mitre.oval:def:15789", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15789" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "openSUSE-SU-2012:1035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": 
"https://hermes.opensuse.org/messages/15514562" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4487.json b/2012/4xxx/CVE-2012-4487.json index 98ef361f7a5..b7c53eea200 100644 --- a/2012/4xxx/CVE-2012-4487.json +++ b/2012/4xxx/CVE-2012-4487.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Subuser module before 6.x-1.8 for Drupal does not properly check \"switch subuser\" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" - }, - { - "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" - }, - { - "name" : "http://drupal.org/node/1700550", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1700550" - }, - { - "name" : "http://drupal.org/node/1700584", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1700584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The Subuser module before 6.x-1.8 for Drupal does not properly check \"switch subuser\" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6" + }, + { + "name": "http://drupal.org/node/1700584", + "refsource": "MISC", + "url": "http://drupal.org/node/1700584" + }, + { + "name": "http://drupal.org/node/1700550", + "refsource": "MISC", + "url": "http://drupal.org/node/1700550" + }, + { + "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4581.json b/2012/4xxx/CVE-2012-4581.json index 33ef3cd6870..5878c394717 100644 --- a/2012/4xxx/CVE-2012-4581.json +++ b/2012/4xxx/CVE-2012-4581.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a \"Logout Failure\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side 
session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a \"Logout Failure\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5646.json b/2012/5xxx/CVE-2012-5646.json index 7ff406f3035..aecb21c53fe 100644 --- a/2012/5xxx/CVE-2012-5646.json +++ b/2012/5xxx/CVE-2012-5646.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=888518", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=888518" - }, - { - "name" : "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", - "refsource" : "CONFIRM", - "url" : "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00" - }, - { - "name" : "https://github.com/openshift/origin-server/pull/1017", - "refsource" : "CONFIRM", - "url" : "https://github.com/openshift/origin-server/pull/1017" - }, - { - "name" : "RHSA-2013:0148", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0148.html" - }, - { - "name" : "57189", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/57189" - }, - { - "name" : "89431", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/89431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=888518", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=888518" + }, + { + "name": "https://github.com/openshift/origin-server/pull/1017", + "refsource": "CONFIRM", + "url": "https://github.com/openshift/origin-server/pull/1017" + }, + { + "name": "89431", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/89431" + }, + { + "name": "RHSA-2013:0148", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0148.html" + }, + { + "name": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00", + "refsource": "CONFIRM", + "url": "https://github.com/openshift/origin-server/commit/32564a0839b1517d762afab2013c26c0959bac00" + }, + { + "name": "57189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57189" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5827.json b/2012/5xxx/CVE-2012-5827.json index d4455b15c51..707826b3404 100644 --- a/2012/5xxx/CVE-2012-5827.json +++ b/2012/5xxx/CVE-2012-5827.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving \"Inadequate protection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html" - }, - { - "name" : "http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html" - }, - { - "name" : "56397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56397" - }, - { - "name" : "1027744", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027744" - }, - { - "name" : "51187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51187" - }, - { - "name" : 
"joomla-unspecified-clickjacking(79925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving \"Inadequate protection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/543-20121101-core-clickjacking.html" + }, + { + "name": "51187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51187" + }, + { + "name": "1027744", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027744" + }, + { + "name": "http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/544-20121102-core-clickjacking.html" + }, + { + "name": "56397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56397" + }, + { + "name": "joomla-unspecified-clickjacking(79925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79925" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2005.json b/2017/2xxx/CVE-2017-2005.json index 5f19f095f9a..90211bf921c 100644 --- a/2017/2xxx/CVE-2017-2005.json +++ b/2017/2xxx/CVE-2017-2005.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2005", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2005", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2248.json b/2017/2xxx/CVE-2017-2248.json index 67b23cd861b..a0c2aaa8d03 100644 --- a/2017/2xxx/CVE-2017-2248.json +++ b/2017/2xxx/CVE-2017-2248.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of Lhaz+", - "version" : { - "version_data" : [ - { - "version_value" : "version 3.4.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Chitora soft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of Lhaz+", + "version": { + "version_data": [ + { + "version_value": "version 3.4.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Chitora soft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://chitora.com/jvn21369452.html", - "refsource" : "CONFIRM", - "url" : "http://chitora.com/jvn21369452.html" - }, - { - "name" : "JVN#21369452", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN21369452/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#21369452", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN21369452/index.html" + }, + { + "name": "http://chitora.com/jvn21369452.html", + "refsource": "CONFIRM", + "url": "http://chitora.com/jvn21369452.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2385.json b/2017/2xxx/CVE-2017-2385.json index 8e5f4801043..e24292bf697 100644 --- a/2017/2xxx/CVE-2017-2385.json +++ b/2017/2xxx/CVE-2017-2385.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. It allows local users to obtain access to locked keychain items via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "97136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97136" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"Safari Login AutoFill\" component. 
It allows local users to obtain access to locked keychain items via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "97136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97136" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2519.json b/2017/2xxx/CVE-2017-2519.json index d5249356901..f8b0246db5f 100644 --- a/2017/2xxx/CVE-2017-2519.json +++ b/2017/2xxx/CVE-2017-2519.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html" - }, - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207800", - "refsource" : 
"CONFIRM", - "url" : "https://support.apple.com/HT207800" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "98468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98468" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + }, + { + "name": "https://support.apple.com/HT207800", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207800" + }, + { + "name": "[debian-lts-announce] 20190111 [SECURITY] [DLA 1633-1] sqlite3 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html" + }, + { + "name": "98468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98468" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + 
"refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2648.json b/2017/2xxx/CVE-2017-2648.json index bc33881227e..e7f822b0abb 100644 --- a/2017/2xxx/CVE-2017-2648.json +++ b/2017/2xxx/CVE-2017-2648.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jenkins-ssh-slaves-plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.15" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jenkins-ssh-slaves-plugin", + "version": { + "version_data": [ + { + "version_value": "1.15" + } + ] + } + } + ] + }, + "vendor_name": "Jenkins" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648" - }, - { - "name" : "https://jenkins.io/security/advisory/2017-03-20/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-03-20/" - }, - { - "name" : "96985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96985" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2648" + }, + { + "name": "https://jenkins.io/security/advisory/2017-03-20/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-03-20/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3107.json b/2017/3xxx/CVE-2017-3107.json index 0f5f5f5090e..8b02558a4e2 100644 --- a/2017/3xxx/CVE-2017-3107.json +++ b/2017/3xxx/CVE-2017-3107.json 
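Review bot: The `vectorString` carried over on the new side, `"6.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"`, has the base score prefixed to it, so a parser expecting a CVSS v3.0 vector that starts with `CVSS:3.0/` will reject or mis-score it. I would split it into `"baseScore": 6.8` and `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"`. The `cvss` value is also an array nested inside an array, which looks unintended. Separately, `"version_value": "1.15"` names the fixed release while the description says "before version 1.15", so tooling that matches on the literal value would flag 1.15 and miss the earlier, affected versions; adding `"version_affected": "<"` next to it would state the range.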
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-3107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Experience Manager", - "version" : { - "version_data" : [ - { - "version_value" : "AEM 6.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Misconfiguration" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-3107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Experience Manager", + "version": { + "version_data": [ + { + "version_value": "AEM 6.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html" - }, - { - "name" : "100188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100188" - }, - { - "name" : "1039099", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager 6.3 and earlier has a 
misconfiguration vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Misconfiguration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100188" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html" + }, + { + "name": "1039099", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039099" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3372.json b/2017/3xxx/CVE-2017-3372.json index 02567147306..0319bca18f5 100644 --- a/2017/3xxx/CVE-2017-3372.json +++ b/2017/3xxx/CVE-2017-3372.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Interaction Blending", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Interaction Blending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Interaction Blending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Interaction Blending accessible data as well as unauthorized update, insert or delete access to some of Oracle Interaction Blending accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Interaction Blending", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95597" - }, - { - "name" : "1037639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Interaction Blending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Interaction Blending, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Interaction Blending accessible data as well as unauthorized update, insert or delete access to some of Oracle Interaction Blending accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037639" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "95597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95597" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3591.json b/2017/3xxx/CVE-2017-3591.json index 0a734a2c2bc..da4afa26bf0 100644 --- a/2017/3xxx/CVE-2017-3591.json +++ b/2017/3xxx/CVE-2017-3591.json 
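Review bot: The `problemtype` description value for CVE-2017-3372 is still a CVSS vector, `"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"`, not a weakness class, so anything that groups or triages records by problem type gets a scoring string where it expects a CWE or a short weakness name. The vector belongs under an `impact` / `cvss` entry, as the CVE-2017-2648 record in this commit has. Until a weakness is assigned from the Oracle advisory, `"value": "n/a"` would match the other records here. As it stands the record has no `impact` block at all, and the 8.2 base score exists only in the free-text description.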
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Sites", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.8.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.8.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97899" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97899" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6122.json b/2017/6xxx/CVE-2017-6122.json index 504c0f573fd..487fc8c0ca1 100644 --- a/2017/6xxx/CVE-2017-6122.json +++ b/2017/6xxx/CVE-2017-6122.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6122",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6122",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6380.json b/2017/6xxx/CVE-2017-6380.json
index ac04751d71a..66ad01909b2 100644
--- a/2017/6xxx/CVE-2017-6380.json
+++ b/2017/6xxx/CVE-2017-6380.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6380",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6380",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6418.json b/2017/6xxx/CVE-2017-6418.json
index 079399fe582..72f3e01022b 100644
--- a/2017/6xxx/CVE-2017-6418.json
+++ b/2017/6xxx/CVE-2017-6418.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11797", - "refsource" : "MISC", - "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11797" - }, - { - "name" : "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md", - "refsource" : "MISC", - "url" : "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md" - }, - { - "name" : "https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c", - "refsource" : "MISC", - "url" : "https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c" - }, - { - "name" : "GLSA-201804-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-16" - }, - { - "name" : "100154", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md", + "refsource": "MISC", + "url": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_email_crash.md" + }, + { + "name": "https://bugzilla.clamav.net/show_bug.cgi?id=11797", + "refsource": "MISC", + "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11797" + }, + { + "name": "100154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100154" + }, + { + "name": "https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c", + "refsource": "MISC", + "url": "https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c" + }, + { + "name": "GLSA-201804-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-16" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7164.json b/2017/7xxx/CVE-2017-7164.json index 5a576e3fde8..26fa1af499a 100644 --- a/2017/7xxx/CVE-2017-7164.json +++ b/2017/7xxx/CVE-2017-7164.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the \"App Store\" component. It allows man-in-the-middle attackers to spoof password prompts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. The issue involves the \"App Store\" component. It allows man-in-the-middle attackers to spoof password prompts." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7526.json b/2017/7xxx/CVE-2017-7526.json index e9a076a4647..37de7129e3c 100644 --- a/2017/7xxx/CVE-2017-7526.json +++ b/2017/7xxx/CVE-2017-7526.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-7526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libgcrypt", - "version" : { - "version_data" : [ - { - "version_value" : "1.7.8" - } - ] - } - } - ] - }, - "vendor_name" : "GnuPG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libgcrypt", + "version": { + "version_data": [ + { + "version_value": "1.7.8" + } + ] + } + } + ] + }, + "vendor_name": "GnuPG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnupg-announce] 20170629 Libgcrypt 1.7.8 released to fix CVE-2017-7526", - "refsource" : "MLIST", - "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html" - }, - { - "name" : "https://eprint.iacr.org/2017/627", - "refsource" : "MISC", - "url" : "https://eprint.iacr.org/2017/627" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526" - }, - { - "name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", - "refsource" : "CONFIRM", - "url" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a" - }, - { - "name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", - "refsource" : "CONFIRM", - "url" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce" - }, - { - "name" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", - "refsource" : "CONFIRM", - "url" : "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9" - }, - { - "name" : "DSA-3901", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3901" - }, - { - "name" : "DSA-3960", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3960" - }, - { - "name" : "USN-3733-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3733-1/" - }, - { - "name" : "USN-3733-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3733-2/" - }, - { - "name" : "99338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99338" - }, - { - "name" : "1038915", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the 
sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3733-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3733-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7526" + }, + { + "name": "1038915", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038915" + }, + { + "name": "DSA-3960", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3960" + }, + { + "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a", + "refsource": "CONFIRM", + "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=78130828e9a140a9de4dafadbc844dbb64cb709a" + }, + { + "name": "DSA-3901", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3901" + }, + { + "name": "USN-3733-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3733-2/" + }, + { + "name": "https://eprint.iacr.org/2017/627", + "refsource": "MISC", + "url": "https://eprint.iacr.org/2017/627" + }, + { + "name": "99338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99338" + }, + { + "name": "[gnupg-announce] 20170629 Libgcrypt 1.7.8 released to fix CVE-2017-7526", + "refsource": "MLIST", + "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html" + }, + { + "name": 
"https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9", + "refsource": "CONFIRM", + "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e6a3dc9900433bbc8ad362a595a3837318c28fa9" + }, + { + "name": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce", + "refsource": "CONFIRM", + "url": "https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8725c99ffa41778f382ca97233183bcd687bb0ce" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7644.json b/2017/7xxx/CVE-2017-7644.json index c7877f2dfe7..29a4881af63 100644 --- a/2017/7xxx/CVE-2017-7644.json +++ b/2017/7xxx/CVE-2017-7644.json 
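Review bot: The `vectorString` in the `impact` block on the new side is still `6.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N`, which is not a well-formed CVSS v3.0 vector: the string has to begin with `CVSS:3.0/`, and the leading `6.1/` appears to be the base score fused into the field. A consumer that parses the vector to rank this libgcrypt RSA side-channel record is likely to reject or skip it, so the entry can silently fall out of severity-based triage. I would store `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"` and carry the score in a separate numeric field. Apart from the `ASSIGNER` address, this hunk only changes spacing and reference order, so the malformed value is carried over unchanged from the old side.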
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/83", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/83" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, and 7.1.x before 7.1.9 allows remote authenticated users to obtain sensitive information by leveraging incorrect permission validation, aka PAN-SA-2017-0013 and PAN-70541." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/83", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/83" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7738.json b/2017/7xxx/CVE-2017-7738.json index cf94ad8f534..8a82dba8b3d 100644 --- a/2017/7xxx/CVE-2017-7738.json +++ b/2017/7xxx/CVE-2017-7738.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "DATE_PUBLIC" : "2017-12-08T00:00:00", - "ID" : "CVE-2017-7738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FortiOS", - "version" : { - "version_data" : [ - { - "version_value" : "5.6.0 to 5.6.2" - }, - { - "version_value" : "5.4.0 to 5.4.5" - }, - { - "version_value" : "5.2 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "DATE_PUBLIC": "2017-12-08T00:00:00", + "ID": "CVE-2017-7738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_value": "5.6.0 to 5.6.2" + }, + { + "version_value": "5.4.0 to 5.4.5" + }, + { + "version_value": "5.2 and below" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/advisory/FG-IR-17-172", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/advisory/FG-IR-17-172" - }, - { - "name" : "102151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102151" + }, + { + "name": "https://fortiguard.com/advisory/FG-IR-17-172", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/advisory/FG-IR-17-172" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7757.json b/2017/7xxx/CVE-2017-7757.json index 41bdec31989..e55e9d3c515 100644 --- a/2017/7xxx/CVE-2017-7757.json +++ b/2017/7xxx/CVE-2017-7757.json 
@@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in IndexedDB" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356824", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356824" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/" - }, - { - "name" : "DSA-3881", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3881" - }, - { - "name" : "DSA-3918", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3918" - }, - { - "name" : "RHSA-2017:1440", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1440" - }, - { - "name" : "RHSA-2017:1561", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:1561" - }, - { - "name" : "99057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99057" - }, - { - "name" : "1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in IndexedDB" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99057" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "DSA-3918", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3918" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "DSA-3881", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3881" + }, + { + "name": "RHSA-2017:1440", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1440" + }, + { + "name": "RHSA-2017:1561", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1561" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/" + }, + { + "name": 
"https://bugzilla.mozilla.org/show_bug.cgi?id=1356824", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356824" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7800.json b/2017/7xxx/CVE-2017-7800.json index 348db03aa8a..5026ffe3e8a 100644 --- a/2017/7xxx/CVE-2017-7800.json +++ b/2017/7xxx/CVE-2017-7800.json 
@@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "55" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in WebSockets during disconnection" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "55" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1374047", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1374047" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-19/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-20/" - }, - { - "name" : "DSA-3928", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3928" - }, - { - "name" : "DSA-3968", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3968" - }, - { - "name" : "GLSA-201803-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201803-14" - }, - { - "name" : "RHSA-2017:2456", - "refsource" : 
"REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2456" - }, - { - "name" : "RHSA-2017:2534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2534" - }, - { - "name" : "100196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100196" - }, - { - "name" : "1039124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in WebSockets during disconnection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-19/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-20/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1374047", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1374047" + }, + { + "name": "DSA-3968", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3968" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-18/" + }, + { + "name": "RHSA-2017:2456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2456" + 
}, + { + "name": "RHSA-2017:2534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2534" + }, + { + "name": "100196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100196" + }, + { + "name": "1039124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039124" + }, + { + "name": "GLSA-201803-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201803-14" + }, + { + "name": "DSA-3928", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3928" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7964.json b/2017/7xxx/CVE-2017-7964.json index 309b51d2e9c..c01dfb8daa9 100644 --- a/2017/7xxx/CVE-2017-7964.json +++ b/2017/7xxx/CVE-2017-7964.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.oxy-gen.mobi/blog.html", - "refsource" : "MISC", - "url" : "https://www.oxy-gen.mobi/blog.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.oxy-gen.mobi/blog.html", + "refsource": "MISC", + "url": "https://www.oxy-gen.mobi/blog.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10115.json b/2018/10xxx/CVE-2018-10115.json index 906c8524e9f..8e303f4c29e 100644 --- a/2018/10xxx/CVE-2018-10115.json +++ b/2018/10xxx/CVE-2018-10115.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/", - "refsource" : "MISC", - "url" : "https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/" - }, - { - "name" : "https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/" - }, - { - "name" : "104132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104132" - }, - { - "name" : "1040832", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040832" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/" + }, + { + "name": "1040832", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040832" + }, + { + "name": "104132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104132" + }, + { + "name": "https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/", + "refsource": "MISC", + "url": "https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10221.json b/2018/10xxx/CVE-2018-10221.json index 5f93ecec81c..6c90fda1a27 100644 --- a/2018/10xxx/CVE-2018-10221.json +++ b/2018/10xxx/CVE-2018-10221.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/129", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. 
After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/129", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/129" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14339.json b/2018/14xxx/CVE-2018-14339.json index a1f3d347016..eaec14b43d1 100644 --- a/2018/14xxx/CVE-2018-14339.json +++ b/2018/14xxx/CVE-2018-14339.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b77c0a596a8071aebc1de71e3f79e5e15e919ca", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b77c0a596a8071aebc1de71e3f79e5e15e919ca" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-38.html", - 
"refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-38.html" - }, - { - "name" : "104847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104847" - }, - { - "name" : "1041608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b77c0a596a8071aebc1de71e3f79e5e15e919ca", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b77c0a596a8071aebc1de71e3f79e5e15e919ca" + }, + { + "name": "1041608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041608" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-38.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-38.html" + }, + { + "name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738" + }, + { + "name": "104847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104847" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14414.json b/2018/14xxx/CVE-2018-14414.json index ea5d46765b9..a5154d3de17 100644 --- a/2018/14xxx/CVE-2018-14414.json +++ b/2018/14xxx/CVE-2018-14414.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14414", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14414", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14848.json b/2018/14xxx/CVE-2018-14848.json index 7e6bab9a031..93eb7a5016b 100644 --- a/2018/14xxx/CVE-2018-14848.json +++ b/2018/14xxx/CVE-2018-14848.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17967.json b/2018/17xxx/CVE-2018-17967.json index ed6ec494b8e..b5a6e538e67 100644 --- a/2018/17xxx/CVE-2018-17967.json +++ b/2018/17xxx/CVE-2018-17967.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1051", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1051", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1051" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/20xxx/CVE-2018-20026.json b/2018/20xxx/CVE-2018-20026.json index cd9c0671d7a..1208500ee77 100644 --- a/2018/20xxx/CVE-2018-20026.json +++ b/2018/20xxx/CVE-2018-20026.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "DATE_PUBLIC" : "2018-12-19T00:00:00", - "ID" : "CVE-2018-20026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CODESYS V3 products", - "version" : { - "version_data" : [ - { - "version_value" : "prior V3.5.14.0" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Communication Address Filtering" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "DATE_PUBLIC": "2018-12-19T00:00:00", + "ID": "CVE-2018-20026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CODESYS V3 products", + "version": { + "version_data": [ + { + "version_value": "prior V3.5.14.0" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/" - }, - { - "name" : "106251", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Communication Address Filtering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106251", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106251" + }, + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20145.json b/2018/20xxx/CVE-2018-20145.json index 93a67ae42ed..7146b72a56b 100644 --- a/2018/20xxx/CVE-2018-20145.json +++ b/2018/20xxx/CVE-2018-20145.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/eclipse/mosquitto/blob/master/ChangeLog.txt", - "refsource" : "MISC", - "url" : "https://github.com/eclipse/mosquitto/blob/master/ChangeLog.txt" - }, - { - "name" : "https://github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4", - "refsource" : "MISC", - "url" : "https://github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4" - }, - { - "name" : "https://github.com/eclipse/mosquitto/issues/1073", - "refsource" : "MISC", - "url" : "https://github.com/eclipse/mosquitto/issues/1073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/eclipse/mosquitto/issues/1073", + "refsource": "MISC", + "url": "https://github.com/eclipse/mosquitto/issues/1073" + }, + { + "name": "https://github.com/eclipse/mosquitto/blob/master/ChangeLog.txt", + "refsource": "MISC", + "url": "https://github.com/eclipse/mosquitto/blob/master/ChangeLog.txt" + }, + { + "name": "https://github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4", + "refsource": "MISC", + "url": "https://github.com/eclipse/mosquitto/commit/9097577b49b7fdcf45d30975976dd93808ccc0c4" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20592.json b/2018/20xxx/CVE-2018-20592.json index f6024322d21..843b12c8395 100644 --- a/2018/20xxx/CVE-2018-20592.json +++ b/2018/20xxx/CVE-2018-20592.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/michaelrsweet/mxml/issues/237", - "refsource" : "MISC", - "url" : "https://github.com/michaelrsweet/mxml/issues/237" - }, - { - "name" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err", - "refsource" : "MISC", - "url" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err" - }, - { - "name" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err", - "refsource" : "MISC", - "url" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err", + "refsource": "MISC", + "url": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err" + }, + { + "name": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err", + "refsource": "MISC", + "url": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err" + }, + { + "name": "https://github.com/michaelrsweet/mxml/issues/237", + "refsource": "MISC", + "url": "https://github.com/michaelrsweet/mxml/issues/237" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20660.json b/2018/20xxx/CVE-2018-20660.json index 57a2fe10c2c..d5f2f090dfe 100644 --- a/2018/20xxx/CVE-2018-20660.json +++ b/2018/20xxx/CVE-2018-20660.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20660",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20660",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9024.json b/2018/9xxx/CVE-2018-9024.json
index 1fe82857012..de77a554452 100644
--- a/2018/9xxx/CVE-2018-9024.json
+++ b/2018/9xxx/CVE-2018-9024.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vuln@ca.com",
- "DATE_PUBLIC" : "2018-06-14T00:00:00",
- "ID" : "CVE-2018-9024",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "CA Privileged Access Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2.x"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "CA Technologies"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Improper Authentication"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vuln@ca.com",
+ "DATE_PUBLIC": "2018-06-14T00:00:00",
+ "ID": "CVE-2018-9024",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CA Privileged Access Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.x"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "CA Technologies"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
- "refsource" : "CONFIRM",
- "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
- },
- {
- "name" : "104496",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104496"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104496",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104496"
+ },
+ {
+ "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
+ "refsource": "CONFIRM",
+ "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9420.json b/2018/9xxx/CVE-2018-9420.json
index 3e88bd3d365..b57788e7271 100644
--- a/2018/9xxx/CVE-2018-9420.json
+++ b/2018/9xxx/CVE-2018-9420.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9420",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9420",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9687.json b/2018/9xxx/CVE-2018-9687.json
index dcba36f33f4..9486ce96fe8 100644
--- a/2018/9xxx/CVE-2018-9687.json
+++ b/2018/9xxx/CVE-2018-9687.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9687",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9687",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file