diff --git a/2002/0xxx/CVE-2002-0496.json b/2002/0xxx/CVE-2002-0496.json
index 42217224b86..a019467be81 100644
--- a/2002/0xxx/CVE-2002-0496.json
+++ b/2002/0xxx/CVE-2002-0496.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0496",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0496",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020326 SouthWest Telnet talker server. DoS (Denial of Service Attack).",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/264168"
- },
- {
- "name" : "southwest-http-port-dos(8626)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8626.php"
- },
- {
- "name" : "4362",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4362"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "southwest-http-port-dos(8626)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8626.php"
+ },
+ {
+ "name": "20020326 SouthWest Telnet talker server. DoS (Denial of Service Attack).",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/264168"
+ },
+ {
+ "name": "4362",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4362"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0668.json b/2002/0xxx/CVE-2002-0668.json
index 5dde3a4f23b..fdb5231a8b1 100644
--- a/2002/0xxx/CVE-2002-0668.json
+++ b/2002/0xxx/CVE-2002-0668.json
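Review bot: The new side of CVE-2002-0496.json, and of every other file in this diff, ends with `\ No newline at end of file`, and the `reference_data` entries are reordered with no visible sort key (here XF moves ahead of BUGTRAQ; the other hunks shuffle differently, and CVE-2003-1037.json keeps its order). Neither change alters what the record says, but both make every record look modified to consumers that diff or hash these files to detect advisory updates. The serializer that produced this output is not visible here; it should presumably emit references in a stable order (the existing order, or sorted by `refsource` then `name`) and terminate each file with a newline. CVE-2002-1303.json additionally has its top-level keys and the keys inside `CVE_data_meta` reordered, unlike the other files, which suggests it went through a different code path.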
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0668",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0668",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "A071202-1",
- "refsource" : "ATSTAKE",
- "url" : "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
- },
- {
- "name" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
- "refsource" : "CONFIRM",
- "url" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
- },
- {
- "name" : "pingtel-xpressa-call-hijacking(9563)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
- },
- {
- "name" : "5144",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/5144"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
+ "refsource": "CONFIRM",
+ "url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
+ },
+ {
+ "name": "A071202-1",
+ "refsource": "ATSTAKE",
+ "url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
+ },
+ {
+ "name": "5144",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/5144"
+ },
+ {
+ "name": "pingtel-xpressa-call-hijacking(9563)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9563"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1303.json b/2002/1xxx/CVE-2002-1303.json
index e0e34274db4..85524897d9f 100644
--- a/2002/1xxx/CVE-2002-1303.json
+++ b/2002/1xxx/CVE-2002-1303.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1303",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2002-1303",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1502.json b/2002/1xxx/CVE-2002-1502.json
index b91dd3879dd..4f4067d2484 100644
--- a/2002/1xxx/CVE-2002-1502.json
+++ b/2002/1xxx/CVE-2002-1502.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1502",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1502",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020912 xbreaky symlink vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html"
- },
- {
- "name" : "http://xbreaky.sourceforge.net/",
- "refsource" : "CONFIRM",
- "url" : "http://xbreaky.sourceforge.net/"
- },
- {
- "name" : "5700",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5700"
- },
- {
- "name" : "xbreaky-breakyhighscores-symlink(10078)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10078.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "xbreaky-breakyhighscores-symlink(10078)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10078.php"
+ },
+ {
+ "name": "20020912 xbreaky symlink vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html"
+ },
+ {
+ "name": "5700",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5700"
+ },
+ {
+ "name": "http://xbreaky.sourceforge.net/",
+ "refsource": "CONFIRM",
+ "url": "http://xbreaky.sourceforge.net/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1827.json b/2002/1xxx/CVE-2002-1827.json
index fa6840b624f..3b7d33850b5 100644
--- a/2002/1xxx/CVE-2002-1827.json
+++ b/2002/1xxx/CVE-2002-1827.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1827",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1827",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020524 Sendmail file locking - PoC",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/274033"
- },
- {
- "name" : "http://www.sendmail.org/LockingAdvisory.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.sendmail.org/LockingAdvisory.txt"
- },
- {
- "name" : "4822",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4822"
- },
- {
- "name" : "sendmail-file-locking-dos(9162)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9162.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020524 Sendmail file locking - PoC",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/274033"
+ },
+ {
+ "name": "sendmail-file-locking-dos(9162)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9162.php"
+ },
+ {
+ "name": "4822",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4822"
+ },
+ {
+ "name": "http://www.sendmail.org/LockingAdvisory.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.sendmail.org/LockingAdvisory.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1880.json b/2002/1xxx/CVE-2002-1880.json
index 8e281d0357a..bd2ae81c77d 100644
--- a/2002/1xxx/CVE-2002-1880.json
+++ b/2002/1xxx/CVE-2002-1880.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1880",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1880",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020608 Security holes in LokwaBB and W-Agora",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html"
- },
- {
- "name" : "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt",
- "refsource" : "MISC",
- "url" : "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt",
+ "refsource": "MISC",
+ "url": "http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt"
+ },
+ {
+ "name": "20020608 Security holes in LokwaBB and W-Agora",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0014.json b/2003/0xxx/CVE-2003-0014.json
index 389ff5a34d7..ffd8eea2ea6 100644
--- a/2003/0xxx/CVE-2003-0014.json
+++ b/2003/0xxx/CVE-2003-0014.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0014",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0014",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog",
- "refsource" : "CONFIRM",
- "url" : "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog"
- },
- {
- "name" : "DSA-633",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2005/dsa-633"
- },
- {
- "name" : "12229",
- "refsource" : "BID",
- "url" : "http://securityfocus.org/bid/12229"
- },
- {
- "name" : "1012847",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1012847"
- },
- {
- "name" : "13793",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/13793"
- },
- {
- "name" : "13796",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/13796"
- },
- {
- "name" : "bmv-symlink(18823)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18823"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "13796",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/13796"
+ },
+ {
+ "name": "bmv-symlink(18823)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18823"
+ },
+ {
+ "name": "DSA-633",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2005/dsa-633"
+ },
+ {
+ "name": "12229",
+ "refsource": "BID",
+ "url": "http://securityfocus.org/bid/12229"
+ },
+ {
+ "name": "13793",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/13793"
+ },
+ {
+ "name": "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog",
+ "refsource": "CONFIRM",
+ "url": "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog"
+ },
+ {
+ "name": "1012847",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1012847"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0232.json b/2003/0xxx/CVE-2003-0232.json
index 1390c78ff19..27b7ed67506 100644
--- a/2003/0xxx/CVE-2003-0232.json
+++ b/2003/0xxx/CVE-2003-0232.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0232",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0232",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "A072303-3",
- "refsource" : "ATSTAKE",
- "url" : "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
- },
- {
- "name" : "MS03-031",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
- },
- {
- "name" : "VU#584868",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/584868"
- },
- {
- "name" : "oval:org.mitre.oval:def:303",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MS03-031",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031"
+ },
+ {
+ "name": "VU#584868",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/584868"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:303",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303"
+ },
+ {
+ "name": "A072303-3",
+ "refsource": "ATSTAKE",
+ "url": "http://www.atstake.com/research/advisories/2003/a072303-3.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1037.json b/2003/1xxx/CVE-2003-1037.json
index e1bbe25b007..379a0c3cf53 100644
--- a/2003/1xxx/CVE-2003-1037.json
+++ b/2003/1xxx/CVE-2003-1037.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1037",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high \"trace level.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1037",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
- "refsource" : "MISC",
- "url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd"
- },
- {
- "name" : "1009453",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1009453"
- },
- {
- "name" : "sap-wgate-format-string(15514)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15514"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high \"trace level.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
+ "refsource": "MISC",
+ "url": "http://www.phenoelit.de/stuff/Phenoelit20c3.pd"
+ },
+ {
+ "name": "1009453",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1009453"
+ },
+ {
+ "name": "sap-wgate-format-string(15514)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15514"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1470.json b/2003/1xxx/CVE-2003-1470.json
index 013982e5aad..c9f745ad59d 100644
--- a/2003/1xxx/CVE-2003-1470.json
+++ b/2003/1xxx/CVE-2003-1470.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1470",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1470",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030427 MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/319879"
- },
- {
- "name" : "7446",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/7446"
- },
- {
- "name" : "3296",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/3296"
- },
- {
- "name" : "mdaemon-imap-create-bo(11896)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11896"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "7446",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/7446"
+ },
+ {
+ "name": "3296",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/3296"
+ },
+ {
+ "name": "20030427 MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/319879"
+ },
+ {
+ "name": "mdaemon-imap-create-bo(11896)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11896"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/2xxx/CVE-2004-2353.json b/2004/2xxx/CVE-2004-2353.json
index 236054ffc6c..66f2b8159b2 100644
--- a/2004/2xxx/CVE-2004-2353.json
+++ b/2004/2xxx/CVE-2004-2353.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-2353",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-2353",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.incogen.com/downloads/bugport/CHANGELOG.txt",
- "refsource" : "CONFIRM",
- "url" : "http://www.incogen.com/downloads/bugport/CHANGELOG.txt"
- },
- {
- "name" : "9542",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/9542"
- },
- {
- "name" : "10785",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/10785/"
- },
- {
- "name" : "bugport-obtain-information(15030)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15030"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to obtain sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "9542",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/9542"
+ },
+ {
+ "name": "bugport-obtain-information(15030)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15030"
+ },
+ {
+ "name": "10785",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/10785/"
+ },
+ {
+ "name": "http://www.incogen.com/downloads/bugport/CHANGELOG.txt",
+ "refsource": "CONFIRM",
+ "url": "http://www.incogen.com/downloads/bugport/CHANGELOG.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0225.json b/2012/0xxx/CVE-2012-0225.json
index 048d4a538f6..2dac6f40963 100644
--- a/2012/0xxx/CVE-2012-0225.json
+++ b/2012/0xxx/CVE-2012-0225.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0225",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2012-0225",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf"
- },
- {
- "name" : "52851",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52851"
- },
- {
- "name" : "80888",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80888"
- },
- {
- "name" : "1026886",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026886"
- },
- {
- "name" : "1026887",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026887"
- },
- {
- "name" : "48603",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48603"
- },
- {
- "name" : "wis-unspecified-xss(74549)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74549"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1026886",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026886"
+ },
+ {
+ "name": "48603",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48603"
+ },
+ {
+ "name": "52851",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52851"
+ },
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf"
+ },
+ {
+ "name": "1026887",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026887"
+ },
+ {
+ "name": "wis-unspecified-xss(74549)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74549"
+ },
+ {
+ "name": "80888",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80888"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1315.json b/2012/1xxx/CVE-2012-1315.json
index c5f5a6b1c54..197da9b2b86 100644
--- a/2012/1xxx/CVE-2012-1315.json
+++ b/2012/1xxx/CVE-2012-1315.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1315",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2012-1315",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw"
- },
- {
- "name" : "52753",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52753"
- },
- {
- "name" : "80699",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80699"
- },
- {
- "name" : "1026861",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026861"
- },
- {
- "name" : "48608",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48608"
- },
- {
- "name" : "ciscoios-sip-inspection-dos(74437)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74437"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "52753",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52753"
+ },
+ {
+ "name": "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw"
+ },
+ {
+ "name": "48608",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48608"
+ },
+ {
+ "name": "1026861",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026861"
+ },
+ {
+ "name": "ciscoios-sip-inspection-dos(74437)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74437"
+ },
+ {
+ "name": "80699",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80699"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1455.json b/2012/1xxx/CVE-2012-1455.json
index 8a8fd4724cf..cd8c94b6cf0 100644
--- a/2012/1xxx/CVE-2012-1455.json
+++ b/2012/1xxx/CVE-2012-1455.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1455",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1455",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/522005"
- },
- {
- "name" : "http://www.ieee-security.org/TC/SP2012/program.html",
- "refsource" : "MISC",
- "url" : "http://www.ieee-security.org/TC/SP2012/program.html"
- },
- {
- "name" : "52607",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52607"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/522005"
+ },
+ {
+ "name": "52607",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52607"
+ },
+ {
+ "name": "http://www.ieee-security.org/TC/SP2012/program.html",
+ "refsource": "MISC",
+ "url": "http://www.ieee-security.org/TC/SP2012/program.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1465.json b/2012/1xxx/CVE-2012-1465.json
index 1f1ba199559..7f5e0d1b74e 100644
--- a/2012/1xxx/CVE-2012-1465.json
+++ b/2012/1xxx/CVE-2012-1465.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1465",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1465",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "18541",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/18541"
- },
- {
- "name" : "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt",
- "refsource" : "MISC",
- "url" : "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt"
- },
- {
- "name" : "http://secpod.org/blog/?p=484",
- "refsource" : "MISC",
- "url" : "http://secpod.org/blog/?p=484"
- },
- {
- "name" : "http://www.netmechanica.com/news/?news_id=26",
- "refsource" : "CONFIRM",
- "url" : "http://www.netmechanica.com/news/?news_id=26"
- },
- {
- "name" : "52194",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52194"
- },
- {
- "name" : "52208",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52208"
- },
- {
- "name" : "79651",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/79651"
- },
- {
- "name" : "48168",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48168"
- },
- {
- "name" : "netdecision-http-dos(73528)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73528"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "52194",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52194"
+ },
+ {
+ "name": "79651",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/79651"
+ },
+ {
+ "name": "netdecision-http-dos(73528)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73528"
+ },
+ {
+ "name": "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt",
+ "refsource": "MISC",
+ "url": "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt"
+ },
+ {
+ "name": "52208",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52208"
+ },
+ {
+ "name": "18541",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/18541"
+ },
+ {
+ "name": "http://www.netmechanica.com/news/?news_id=26",
+ "refsource": "CONFIRM",
+ "url": "http://www.netmechanica.com/news/?news_id=26"
+ },
+ {
+ "name": "http://secpod.org/blog/?p=484",
+ "refsource": "MISC",
+ "url": "http://secpod.org/blog/?p=484"
+ },
+ {
+ "name": "48168",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48168"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1514.json b/2012/1xxx/CVE-2012-1514.json
index 1a4c4c9379e..0c7667632de 100644
--- a/2012/1xxx/CVE-2012-1514.json
+++ b/2012/1xxx/CVE-2012-1514.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1514",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1514",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0005.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
- },
- {
- "name" : "52525",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52525"
- },
- {
- "name" : "80121",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80121"
- },
- {
- "name" : "1026815",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026815"
- },
- {
- "name" : "48409",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48409"
- },
- {
- "name" : "vshield-manager-csrf(74092)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74092"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "52525",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52525"
+ },
+ {
+ "name": "vshield-manager-csrf(74092)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74092"
+ },
+ {
+ "name": "1026815",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026815"
+ },
+ {
+ "name": "80121",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80121"
+ },
+ {
+ "name": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
+ },
+ {
+ "name": "48409",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48409"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1519.json b/2012/1xxx/CVE-2012-1519.json
index a6450da1c07..b6061d8e173 100644
--- a/2012/1xxx/CVE-2012-1519.json
+++ b/2012/1xxx/CVE-2012-1519.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1519",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1519",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1540.json b/2012/1xxx/CVE-2012-1540.json
index 0b6fcff2d9a..da96d10e9b7 100644
--- a/2012/1xxx/CVE-2012-1540.json
+++ b/2012/1xxx/CVE-2012-1540.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1540",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1540",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4020.json b/2012/4xxx/CVE-2012-4020.json
index 681a3d1cf9d..5a636c81587 100644
--- a/2012/4xxx/CVE-2012-4020.json
+++ b/2012/4xxx/CVE-2012-4020.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4020",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2012-4020",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "JVN#23465354",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN23465354/index.html"
- },
- {
- "name" : "JVNDB-2012-000096",
- "refsource" : "JVNDB",
- "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000096"
- },
- {
- "name" : "56368",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/56368"
- },
- {
- "name" : "51110",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/51110"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVNDB-2012-000096",
+ "refsource": "JVNDB",
+ "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000096"
+ },
+ {
+ "name": "56368",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/56368"
+ },
+ {
+ "name": "JVN#23465354",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN23465354/index.html"
+ },
+ {
+ "name": "51110",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/51110"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4351.json b/2012/4xxx/CVE-2012-4351.json
index 0276e531c6d..6a5da11ffe7 100644
--- a/2012/4xxx/CVE-2012-4351.json
+++ b/2012/4xxx/CVE-2012-4351.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4351",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4351",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00",
- "refsource" : "CONFIRM",
- "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00"
- },
- {
- "name" : "57170",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/57170"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "57170",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/57170"
+ },
+ {
+ "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00",
+ "refsource": "CONFIRM",
+ "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4376.json b/2012/4xxx/CVE-2012-4376.json
index 3c48b6d8c5b..e6c0708fed6 100644
--- a/2012/4xxx/CVE-2012-4376.json
+++ b/2012/4xxx/CVE-2012-4376.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4376",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4376",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4601.json b/2012/4xxx/CVE-2012-4601.json
index 29324aa6c4a..49ba56f9432 100644
--- a/2012/4xxx/CVE-2012-4601.json
+++ b/2012/4xxx/CVE-2012-4601.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4601",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4601",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.htbridge.com/advisory/HTB23111",
- "refsource" : "MISC",
- "url" : "https://www.htbridge.com/advisory/HTB23111"
- },
- {
- "name" : "http://freecode.com/projects/tcexam/releases/347588",
- "refsource" : "CONFIRM",
- "url" : "http://freecode.com/projects/tcexam/releases/347588"
- },
- {
- "name" : "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view",
- "refsource" : "CONFIRM",
- "url" : "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view"
- },
- {
- "name" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971",
- "refsource" : "CONFIRM",
- "url" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971"
- },
- {
- "name" : "50539",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/50539"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971",
+ "refsource": "CONFIRM",
+ "url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971"
+ },
+ {
+ "name": "50539",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/50539"
+ },
+ {
+ "name": "https://www.htbridge.com/advisory/HTB23111",
+ "refsource": "MISC",
+ "url": "https://www.htbridge.com/advisory/HTB23111"
+ },
+ {
+ "name": "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view",
+ "refsource": "CONFIRM",
+ "url": "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view"
+ },
+ {
+ "name": "http://freecode.com/projects/tcexam/releases/347588",
+ "refsource": "CONFIRM",
+ "url": "http://freecode.com/projects/tcexam/releases/347588"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5651.json b/2012/5xxx/CVE-2012-5651.json
index 86f929467dd..c9c664d7e9d 100644
--- a/2012/5xxx/CVE-2012-5651.json
+++ b/2012/5xxx/CVE-2012-5651.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/20/1" - }, - { - "name" : "http://drupal.org/SA-CORE-2012-004", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/SA-CORE-2012-004" - }, - { - "name" : "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d" - }, - { - "name" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a" - }, - { - "name" : "DSA-2776", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2776" - }, - { - "name" : "MDVSA-2013:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074" - }, - { - "name" : "56993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56993" - }, - { - "name" : "88528", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/88528" - }, - { - "name" : "drupalcore-user-information-disclosure(80792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a" + }, + { + "name": "MDVSA-2013:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074" + }, + { + "name": "http://drupal.org/SA-CORE-2012-004", + "refsource": "CONFIRM", + "url": "http://drupal.org/SA-CORE-2012-004" + }, + { + "name": "56993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56993" + }, + { + "name": "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d" + }, + { + "name": "88528", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/88528" + }, + { + "name": "DSA-2776", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2013/dsa-2776" + }, + { + "name": "drupalcore-user-information-disclosure(80792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80792" + }, + { + "name": "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/20/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5683.json b/2012/5xxx/CVE-2012-5683.json index 8fe04713946..bcfba47a46d 100644 --- a/2012/5xxx/CVE-2012-5683.json +++ b/2012/5xxx/CVE-2012-5683.json 
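Review bot: The `ASSIGNER` value in CVE-2012-5651.json changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and that provenance change is easy to miss because every other changed line is colon spacing, indentation or the order of `reference_data` entries. The nine references on the new side are the same set as on the old side, only reordered, so the assigner is the one field whose content differs. I would move it into its own commit, or at least name it in the commit message, so that anyone auditing who owns the record can find it without reading a formatting diff. The other records visible in this diff keep their assigner.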
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22490", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/22490" - }, - { - "name" : "http://packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html" - }, - { - "name" : "87140", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/87140" - }, - { - "name" : "51172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51172" - }, - { - "name" : "zpanel-unspecified-csrf(79838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22490", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/22490" + }, + { + "name": "51172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51172" + }, + { + "name": "http://packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/117894/ZPanel-10.0.1-XSS-CSRF-SQL-Injection.html" + }, + { + "name": "87140", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/87140" + }, + { + "name": "zpanel-unspecified-csrf(79838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79838" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5727.json b/2012/5xxx/CVE-2012-5727.json index 8d7d94a4eef..8c506698318 100644 --- a/2012/5xxx/CVE-2012-5727.json +++ b/2012/5xxx/CVE-2012-5727.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5727", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5727", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2818.json b/2017/2xxx/CVE-2017-2818.json index 165791c5378..ce36e971772 100644 --- a/2017/2xxx/CVE-2017-2818.json +++ b/2017/2xxx/CVE-2017-2818.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-2818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Poppler", - "version" : { - "version_data" : [ - { - "version_value" : "0.53.0" - } - ] - } - } - ] - }, - "vendor_name" : "Poppler" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-2818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Poppler", + "version": { + "version_data": [ + { + "version_value": "0.53.0" + } + ] + } + } + ] + }, + "vendor_name": "Poppler" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319" - }, - { - "name" : "99497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap overflow 
vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319" + }, + { + "name": "99497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99497" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2950.json b/2017/2xxx/CVE-2017-2950.json index 447e7126158..c9beee9a725 100644 --- a/2017/2xxx/CVE-2017-2950.json +++ b/2017/2xxx/CVE-2017-2950.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-021", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-021" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95343" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-021", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-021" + }, + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + }, + { + "name": "95343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95343" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/2xxx/CVE-2017-2994.json b/2017/2xxx/CVE-2017-2994.json index 9d69e677d4a..7c50b085582 100644 --- a/2017/2xxx/CVE-2017-2994.json +++ b/2017/2xxx/CVE-2017-2994.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.194 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.194 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.194 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.194 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0526", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0526.html" - }, - { - "name" : "96199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96199" - }, - { - "name" : "1037815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "96199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96199" + }, + { + "name": "1037815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037815" + }, + { + "name": "RHSA-2017:0526", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0526.html" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3546.json b/2017/3xxx/CVE-2017-3546.json index 31a3b7fa35c..adc485f1058 100644 --- a/2017/3xxx/CVE-2017-3546.json +++ b/2017/3xxx/CVE-2017-3546.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.54" - }, - { - "version_affected" : "=", - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.54" + }, + { + "version_affected": "=", + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42034", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42034/" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-17-022-ssrf-peoplesoft-imservlet/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-022-ssrf-peoplesoft-imservlet/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97872" - }, - { - "name" : "1038301", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/advisories/erpscan-17-022-ssrf-peoplesoft-imservlet/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-022-ssrf-peoplesoft-imservlet/" + }, + { + "name": "97872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97872" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038301", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038301" + }, + { + "name": "42034", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42034/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3672.json b/2017/3xxx/CVE-2017-3672.json index 18b9a89b62b..80e14f785ee 100644 --- a/2017/3xxx/CVE-2017-3672.json +++ b/2017/3xxx/CVE-2017-3672.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3672", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3672", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3735.json b/2017/3xxx/CVE-2017-3735.json index cf7f3e48148..64a686f50b3 100644 --- a/2017/3xxx/CVE-2017-3735.json +++ b/2017/3xxx/CVE-2017-3735.json 
@@ -1,176 +1,176 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2017-08-28T00:00:00", - "ID" : "CVE-2017-3735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.0" - }, - { - "version_value" : "1.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out of bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2017-08-28T00:00:00", + "ID": "CVE-2017-3735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "1.1.0" + }, + { + "version_value": "1.0.2" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html" - }, - { - "name" : "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822", - "refsource" : "MISC", - "url" : 
"https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822" - }, - { - "name" : "https://www.openssl.org/news/secadv/20170828.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20170828.txt" - }, - { - "name" : "https://www.openssl.org/news/secadv/20171102.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20171102.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170927-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170927-0001/" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171107-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171107-0002/" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-14", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-14" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-15", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-15" - }, - { - "name" : "https://support.apple.com/HT208331", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208331" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-4017", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4017" - }, - { - "name" : "DSA-4018", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4018" - }, - { - "name" : "FreeBSD-SA-17:11", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc" - }, - { - "name" : "GLSA-201712-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-03" - }, - { - "name" : "RHSA-2018:3221", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3221" - }, - { - "name" : "RHSA-2018:3505", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3505" - }, - { - "name" : "USN-3611-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3611-2/" - }, - { - "name" : "100515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100515" - }, - { - "name" : "1039726", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039726" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out of bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039726", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039726" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171107-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171107-0002/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3611-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3611-2/" + }, + { + "name": "DSA-4018", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4018" + }, + { + "name": "GLSA-201712-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-03" + }, + { + "name": "https://support.apple.com/HT208331", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208331" + }, + { + "name": "[debian-lts-announce] 20171109 [SECURITY] [DLA-1157-1] openssl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00011.html" + }, + { + "name": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822", + "refsource": "MISC", + "url": "https://github.com/openssl/openssl/commit/068b963bb7afc57f5bdd723de0dd15e7795d5822" + }, + { + 
"name": "RHSA-2018:3505", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3505" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170927-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170927-0001/" + }, + { + "name": "https://www.tenable.com/security/tns-2017-15", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-15" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "https://www.openssl.org/news/secadv/20171102.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20171102.txt" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "DSA-4017", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4017" + }, + { + "name": "RHSA-2018:3221", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3221" + }, + { + "name": "100515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100515" + }, + { + "name": "https://www.tenable.com/security/tns-2017-14", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-14" + }, + { + "name": "FreeBSD-SA-17:11", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc" + }, + { + "name": "https://www.openssl.org/news/secadv/20170828.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20170828.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3856.json b/2017/3xxx/CVE-2017-3856.json index 93a803f9bcb..79e235bc19a 100644 --- a/2017/3xxx/CVE-2017-3856.json 
+++ b/2017/3xxx/CVE-2017-3856.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399 Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-webui", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-webui" - }, - { - "name" : "97007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97007" - }, - { - "name" : "1038101", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. 
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399 Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038101", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038101" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-webui", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-webui" + }, + { + "name": "97007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97007" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6190.json b/2017/6xxx/CVE-2017-6190.json index be6c79537c6..4980184aba1 100644 --- a/2017/6xxx/CVE-2017-6190.json +++ b/2017/6xxx/CVE-2017-6190.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a \"GET /uir/\" request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41840", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41840/" - }, - { - "name" : "https://cxsecurity.com/blad/WLB-2017040033", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/blad/WLB-2017040033" - }, - { - "name" : "97620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. 
(dot dot) in a \"GET /uir/\" request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/blad/WLB-2017040033", + "refsource": "MISC", + "url": "https://cxsecurity.com/blad/WLB-2017040033" + }, + { + "name": "41840", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41840/" + }, + { + "name": "97620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97620" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6440.json b/2017/6xxx/CVE-2017-6440.json index ad2b10ab8cf..151f2965546 100644 --- a/2017/6xxx/CVE-2017-6440.json +++ b/2017/6xxx/CVE-2017-6440.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libimobiledevice/libplist/issues/99", - "refsource" : "MISC", - "url" : "https://github.com/libimobiledevice/libplist/issues/99" - }, - { - "name" : "97583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libimobiledevice/libplist/issues/99", + "refsource": "MISC", + "url": "https://github.com/libimobiledevice/libplist/issues/99" + }, + { + "name": "97583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97583" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6676.json b/2017/6xxx/CVE-2017-6676.json index ebf6a3e4190..5d907b3c156 100644 --- a/2017/6xxx/CVE-2017-6676.json +++ b/2017/6xxx/CVE-2017-6676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6892.json b/2017/6xxx/CVE-2017-6892.json index 2324062fb1f..d0b8625596b 100644 --- a/2017/6xxx/CVE-2017-6892.json +++ b/2017/6xxx/CVE-2017-6892.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2017-6892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libsndfile", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.28" - } - ] - } - } - ] - }, - "vendor_name" : "Flexera Software LLC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read memory access leading to information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2017-6892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "libsndfile", + "version": { + "version_data": [ + { + "version_value": "1.0.28" + } + ] + } + } + ] + }, + "vendor_name": "Flexera Software LLC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/advisories/76717/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/76717/" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" - }, - { - "name" : "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748", - "refsource" : "CONFIRM", - "url" : "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" - 
}, - { - "name" : "GLSA-201811-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-23" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read memory access leading to information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-13/" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/advisories/76717/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/76717/" + }, + { + "name": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748", + "refsource": "CONFIRM", + "url": "https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748" + }, + { + "name": "GLSA-201811-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-23" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7070.json b/2017/7xxx/CVE-2017-7070.json index 9dbda6c7ea5..a875c642fb3 100644 --- a/2017/7xxx/CVE-2017-7070.json +++ b/2017/7xxx/CVE-2017-7070.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Kernel\" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Kernel\" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7462.json b/2017/7xxx/CVE-2017-7462.json index 4f4bacdc5e3..1de5c4b64d1 100644 --- a/2017/7xxx/CVE-2017-7462.json +++ b/2017/7xxx/CVE-2017-7462.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41829", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41829/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41829", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41829/" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/7xxx/CVE-2017-7722.json b/2017/7xxx/CVE-2017-7722.json index ea6c2384902..3736ade54bc 100644 --- a/2017/7xxx/CVE-2017-7722.json +++ b/2017/7xxx/CVE-2017-7722.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with \"cmc\" and \"password\" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/", - "refsource" : "MISC", - "url" : "https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/" - }, - { - "name" : "https://thwack.solarwinds.com/thread/111223", - "refsource" : "MISC", - "url" : "https://thwack.solarwinds.com/thread/111223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with \"cmc\" and \"password\" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://thwack.solarwinds.com/thread/111223", + "refsource": "MISC", + "url": "https://thwack.solarwinds.com/thread/111223" + }, + { + "name": "https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/", + "refsource": "MISC", + "url": "https://pentest.blog/unexpected-journey-4-escaping-from-restricted-shell-and-gaining-root-access-to-solarwinds-log-event-manager-siem-product/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7913.json b/2017/7xxx/CVE-2017-7913.json index c8bc6ff9dc2..e9a613b40f1 100644 --- a/2017/7xxx/CVE-2017-7913.json +++ b/2017/7xxx/CVE-2017-7913.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa OnCell", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa OnCell" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-256" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa OnCell", + "version": { + "version_data": [ + { + "version_value": "Moxa OnCell" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, 
OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application's configuration file contains parameters that represent passwords in plaintext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10463.json b/2018/10xxx/CVE-2018-10463.json index 8f9cb8049fb..a6e950865a2 100644 --- a/2018/10xxx/CVE-2018-10463.json +++ b/2018/10xxx/CVE-2018-10463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10463", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10463", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10614.json b/2018/10xxx/CVE-2018-10614.json
index f5c2a8b0e1a..f1ba8256acc 100644
--- a/2018/10xxx/CVE-2018-10614.json
+++ b/2018/10xxx/CVE-2018-10614.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-31T00:00:00", - "ID" : "CVE-2018-10614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LeviStudioU", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 1.8.29 and 1.8.44" - } - ] - } - } - ] - }, - "vendor_name" : "WECON Technology Co., Ltd" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-31T00:00:00", + "ID": "CVE-2018-10614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LeviStudioU", + "version": { + "version_data": [ + { + "version_value": "Versions 1.8.29 and 1.8.44" + } + ] + } + } + ] + }, + "vendor_name": "WECON Technology Co., Ltd" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10873.json b/2018/10xxx/CVE-2018-10873.json index 23456080469..337737afb4b 100644 --- a/2018/10xxx/CVE-2018-10873.json +++ b/2018/10xxx/CVE-2018-10873.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-10873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "spice:", - "version" : { - "version_data" : [ - { - "version_value" : "0.14.1" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "spice:", + "version": { + "version_data": [ + { + "version_value": "0.14.1" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1486-1] spice security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html" - }, - { - "name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] spice security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html" - }, - { - "name" : 
"[debian-lts-announce] 20180831 [SECURITY] [DLA 1489-1] spice-gtk security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873" - }, - { - "name" : "https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c", - "refsource" : "CONFIRM", - "url" : "https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c" - }, - { - "name" : "DSA-4319", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4319" - }, - { - "name" : "RHSA-2018:2731", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2731" - }, - { - "name" : "RHSA-2018:2732", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2732" - }, - { - "name" : "RHSA-2018:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3470" - }, - { - "name" : "USN-3751-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3751-1/" - }, - { - "name" : "105152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4319", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4319" + }, + { + "name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] spice security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00035.html" + }, + { + "name": "USN-3751-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3751-1/" + }, + { + "name": "RHSA-2018:2732", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2732" + }, + { + "name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1486-1] spice security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00037.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10873" + }, + { + "name": "RHSA-2018:2731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2731" + }, + { + "name": "RHSA-2018:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3470" + }, + { + "name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1489-1] spice-gtk security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00038.html" + }, + { + "name": "105152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105152" + }, + { + "name": "https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c", + "refsource": "CONFIRM", + "url": 
"https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10942.json b/2018/10xxx/CVE-2018-10942.json index e3665fa480a..01f3641ab75 100644 --- a/2018/10xxx/CVE-2018-10942.json +++ b/2018/10xxx/CVE-2018-10942.json 
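Review bot: The `vectorString` on the new side of CVE-2018-10873.json still carries the base score in front of the vector (`8.3/CVSS:3.0/AV:N/...`), so a consumer that validates the field against the CVSS v3.0 vector grammar, which begins at `CVSS:3.0/`, will reject or mis-parse it. Since the record is being rewritten anyway, the score could move to its own field: `"baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"`. The same prefixed form appears in the CVE-2018-14631.json hunk (`8.8/CVSS:3.0/...`). Whether downstream tooling depends on the prefixed form is not visible from this diff, so that should be confirmed before changing it.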
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ia-informatica.com/it/CVE-2018-10942", - "refsource" : "MISC", - "url" : "https://ia-informatica.com/it/CVE-2018-10942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ia-informatica.com/it/CVE-2018-10942", + "refsource": "MISC", + "url": "https://ia-informatica.com/it/CVE-2018-10942" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14631.json b/2018/14xxx/CVE-2018-14631.json index 9f3d17036a4..8958c8f58a4 100644 --- a/2018/14xxx/CVE-2018-14631.json +++ b/2018/14xxx/CVE-2018-14631.json 
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-14631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "moodle", - "version" : { - "version_data" : [ - { - "version_value" : "3.5.2" - }, - { - "version_value" : "3.4.5" - }, - { - "version_value" : "3.3.8" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.5.2" + }, + { + "version_value": "3.4.5" + }, + { + "version_value": "3.3.8" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=376025", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=376025" - }, - { - "name" : "105371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=376025", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=376025" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857" + }, + { + "name": "105371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105371" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631" + } + ] + } +} \ No newline at end of file 
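Review bot: The `problemtype` entry on the new side of CVE-2018-14631.json stays at `CWE-20`, although the description attributes the issue to insufficiently filtered breadcrumb output that results in reflected XSS. A more specific `"value": "CWE-79"` would let scanners and triage rules that key on the CWE classify the record by its actual weakness class. The `C:H/I:H/A:H` rating in the `impact` block also looks high for a reflected XSS that needs user interaction and may deserve a second look by the assigner.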
diff --git a/2018/14xxx/CVE-2018-14712.json b/2018/14xxx/CVE-2018-14712.json index c8e264da47d..64844d145bb 100644 --- a/2018/14xxx/CVE-2018-14712.json +++ b/2018/14xxx/CVE-2018-14712.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17005.json b/2018/17xxx/CVE-2018-17005.json index f2966610db2..30d58164439 100644 --- a/2018/17xxx/CVE-2018-17005.json +++ b/2018/17xxx/CVE-2018-17005.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_01/README.md", - "refsource" : "MISC", - "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_01/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_01/README.md", + "refsource": "MISC", + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_01/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17359.json b/2018/17xxx/CVE-2018-17359.json index 4c7a551fcd7..745c7cc8b73 100644 --- a/2018/17xxx/CVE-2018-17359.json +++ b/2018/17xxx/CVE-2018-17359.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23686", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23686", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23686" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17360.json b/2018/17xxx/CVE-2018-17360.json index 19ff92834ab..7517bbbdae7 100644 --- a/2018/17xxx/CVE-2018-17360.json +++ b/2018/17xxx/CVE-2018-17360.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executable objdump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23685", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. 
This vulnerability can be triggered by the executable objdump." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23685", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23685" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17446.json b/2018/17xxx/CVE-2018-17446.json index 075a2742ba9..aa52b8be558 100644 --- a/2018/17xxx/CVE-2018-17446.json +++ b/2018/17xxx/CVE-2018-17446.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX236992", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX236992" - }, - { - "name" : "105711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX236992", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX236992" + }, + { + "name": "105711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105711" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20277.json b/2018/20xxx/CVE-2018-20277.json index 0491bc6daed..e0b2b03a474 100644 --- a/2018/20xxx/CVE-2018-20277.json +++ b/2018/20xxx/CVE-2018-20277.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20277", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20277", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20418.json b/2018/20xxx/CVE-2018-20418.json index c792aef4c8b..a124812e358 100644 --- a/2018/20xxx/CVE-2018-20418.json +++ b/2018/20xxx/CVE-2018-20418.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20418",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20418",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "46054",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/46054/"
- },
- {
- "name" : "https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md",
- "refsource" : "MISC",
- "url" : "https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md"
- },
- {
- "name" : "https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting",
- "refsource" : "MISC",
- "url" : "https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting"
- },
- {
- "name" : "https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html",
- "refsource" : "MISC",
- "url" : "https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting",
+ "refsource": "MISC",
+ "url": "https://github.com/rdincel1/Craft-CMS-3.0.25---Cross-Site-Scripting"
+ },
+ {
+ "name": "https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html",
+ "refsource": "MISC",
+ "url": "https://www.raifberkaydincel.com/craft-cms-3-0-25-cross-site-scripting-vulnerability.html"
+ },
+ {
+ "name": "46054",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/46054/"
+ },
+ {
+ "name": "https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md",
+ "refsource": "MISC",
+ "url": "https://github.com/craftcms/cms/blob/master/CHANGELOG-v3.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20745.json b/2018/20xxx/CVE-2018-20745.json
index dccacb46d89..59f618c26ff 100644
--- a/2018/20xxx/CVE-2018-20745.json
+++ b/2018/20xxx/CVE-2018-20745.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20745",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20745",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/yiisoft/yii2/issues/16193",
- "refsource" : "MISC",
- "url" : "https://github.com/yiisoft/yii2/issues/16193"
- },
- {
- "name" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
- "refsource" : "MISC",
- "url" : "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
+ "refsource": "MISC",
+ "url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf"
+ },
+ {
+ "name": "https://github.com/yiisoft/yii2/issues/16193",
+ "refsource": "MISC",
+ "url": "https://github.com/yiisoft/yii2/issues/16193"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9718.json b/2018/9xxx/CVE-2018-9718.json
index 76d7a36a4f7..4ea50a21a8f 100644
--- a/2018/9xxx/CVE-2018-9718.json
+++ b/2018/9xxx/CVE-2018-9718.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9718",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9718",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9855.json b/2018/9xxx/CVE-2018-9855.json
index 7f6d3343f30..57d27514059 100644
--- a/2018/9xxx/CVE-2018-9855.json
+++ b/2018/9xxx/CVE-2018-9855.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9855",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9855",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9899.json b/2018/9xxx/CVE-2018-9899.json
index 2ecc1601573..d7b3bba6527 100644
--- a/2018/9xxx/CVE-2018-9899.json
+++ b/2018/9xxx/CVE-2018-9899.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9899",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9899",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file