diff --git a/2002/1xxx/CVE-2002-1316.json b/2002/1xxx/CVE-2002-1316.json
index 9d2be199e25..8139e5f9a3b 100644
--- a/2002/1xxx/CVE-2002-1316.json
+++ b/2002/1xxx/CVE-2002-1316.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021118 iPlanet WebServer, remote root compromise", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html" - }, - { - "name" : "20021119 iPlanet WebServer, remote root compromise", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103772308030269&w=2" - }, - { - "name" : "http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt", - "refsource" : "MISC", - "url" : "http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt" - }, - { - "name" : "49475", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1" - }, - { - "name" 
: "6203", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6203" - }, - { - "name" : "iplanet-perl-command-execution(10693)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10693.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49475", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-49475-1" + }, + { + "name": "iplanet-perl-command-execution(10693)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10693.php" + }, + { + "name": "6203", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6203" + }, + { + "name": "http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt", + "refsource": "MISC", + "url": "http://www.ngsec.com/docs/advisories/NGSEC-2002-4.txt" + }, + { + "name": "20021118 iPlanet WebServer, remote root compromise", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0078.html" + }, + { + "name": "20021119 iPlanet WebServer, remote root compromise", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103772308030269&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0027.json b/2003/0xxx/CVE-2003-0027.json index 510441c8733..e792a13ae34 100644 --- a/2003/0xxx/CVE-2003-0027.json +++ b/2003/0xxx/CVE-2003-0027.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104326556329850&w=2" - }, - { - "name" : "http://www.entercept.com/news/uspr/01-22-03.asp", - "refsource" : "MISC", - "url" : "http://www.entercept.com/news/uspr/01-22-03.asp" - }, - { - "name" : "50104", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104" - }, - { - "name" : "VU#850785", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/850785" - }, - { - "name" : "6665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6665" - }, - { - "name" : 
"solaris-kcms-directory-traversal(11129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11129" - }, - { - "name" : "oval:org.mitre.oval:def:120", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120" - }, - { - "name" : "oval:org.mitre.oval:def:195", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195" - }, - { - "name" : "oval:org.mitre.oval:def:2592", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.entercept.com/news/uspr/01-22-03.asp", + "refsource": "MISC", + "url": "http://www.entercept.com/news/uspr/01-22-03.asp" + }, + { + "name": "6665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6665" + }, + { + "name": "50104", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104" + }, + { + "name": "VU#850785", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/850785" + }, + { + "name": "oval:org.mitre.oval:def:2592", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592" + }, + { + "name": "oval:org.mitre.oval:def:120", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120" + }, + { + "name": "solaris-kcms-directory-traversal(11129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11129" + }, + { + "name": "oval:org.mitre.oval:def:195", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195" + }, + { + "name": "20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104326556329850&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0077.json b/2003/0xxx/CVE-2003-0077.json index d4ef04e10de..43c3f02e929 100644 --- a/2003/0xxx/CVE-2003-0077.json +++ b/2003/0xxx/CVE-2003-0077.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" - }, - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2" - }, - { - "name" : "RHSA-2003:070", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-070.html" - }, - { - "name" : "RHSA-2003:071", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2003-071.html" - }, - { - "name" : "terminal-emulator-window-title(11414)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11414.php" - }, - { - "name" : "4917", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2" + }, + { + "name": "RHSA-2003:071", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-071.html" + }, + { + "name": "terminal-emulator-window-title(11414)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11414.php" + }, + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" + }, + { + "name": "4917", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4917" + }, + { + "name": "RHSA-2003:070", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-070.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0170.json b/2003/0xxx/CVE-2003-0170.json index 91b95042ca4..ecaddd5158d 100644 
--- a/2003/0xxx/CVE-2003-0170.json
+++ b/2003/0xxx/CVE-2003-0170.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY42424", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY42424" - }, - { - "name" : "MSS-OAR-E01-2003.0469.1", - "refsource" : "IBM", - "url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0469.1" - }, - { - "name" : "7346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7346" - }, - { - "name" : "4878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4878" - }, - { - "name" : "aix-ftpd-gain-access(11823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7346" + }, + { + "name": "aix-ftpd-gain-access(11823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11823" + }, + { + "name": "4878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4878" + }, + { + "name": "IY42424", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY42424" + }, + { + "name": "MSS-OAR-E01-2003.0469.1", + "refsource": "IBM", + "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0469.1" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0913.json b/2003/0xxx/CVE-2003-0913.json index 0fc47ef2982..8a991005543 100644 --- a/2003/0xxx/CVE-2003-0913.json +++ b/2003/0xxx/CVE-2003-0913.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow \"unauthorized access.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=120269", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=120269" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=61798", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=61798" - }, - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00040.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00040.html" - }, - { - "name" : "8979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8979" - }, - { - "name" : "macos-terminal-gain-access(13620)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13620" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow \"unauthorized access.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-terminal-gain-access(13620)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13620" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=120269", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=120269" + }, + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00040.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00040.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=61798", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=61798" + }, + { + "name": "8979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8979" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1138.json b/2003/1xxx/CVE-2003-1138.json index 9af0d815578..e45f4856440 100644 --- a/2003/1xxx/CVE-2003-1138.json +++ b/2003/1xxx/CVE-2003-1138.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031027 Root Directory Listing on RH default apache", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/342578" - }, - { - "name" : "8898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double 
slash (//)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8898" + }, + { + "name": "20031027 Root Directory Listing on RH default apache", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342578" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1206.json b/2003/1xxx/CVE-2003-1206.json index 7f35f328aef..f4148ca9c13 100644 --- a/2003/1xxx/CVE-2003-1206.json +++ b/2003/1xxx/CVE-2003-1206.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via \"%s\" or \"%n\" sequences in (1) the username during login, or other FTP commands such as (2) dir." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106019292611151&w=2" - }, - { - "name" : "20030807 Re: DoS Vulnerabilities in Crob FTP Server 2.60.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-08/0087.html" - }, - { - "name" : "http://www.crob.net/studio/ftpserver/", - "refsource" : "MISC", - "url" : "http://www.crob.net/studio/ftpserver/" - }, - { - "name" : "8929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8929" - }, - { - "name" : "crob-login-dos(12834)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/12834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via \"%s\" or \"%n\" sequences in (1) the username during login, or other FTP commands such as (2) dir." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.crob.net/studio/ftpserver/", + "refsource": "MISC", + "url": "http://www.crob.net/studio/ftpserver/" + }, + { + "name": "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106019292611151&w=2" + }, + { + "name": "8929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8929" + }, + { + "name": "20030807 Re: DoS Vulnerabilities in Crob FTP Server 2.60.1", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-08/0087.html" + }, + { + "name": "crob-login-dos(12834)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12834" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1306.json b/2003/1xxx/CVE-2003-1306.json index c243d803ccc..a679d6afc7b 100644 --- a/2003/1xxx/CVE-2003-1306.json +++ b/2003/1xxx/CVE-2003-1306.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 \"Bad Request,\" which leak the Server header in the response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[WWW-Mobile-Code] 20030706 can - IIS Version Disclosure", - "refsource" : "MLIST", - "url" : "http://archives.neohapsis.com/archives/sf/www-mobile/2003-q3/0021.html" - }, - { - "name" : "29370", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29370" - }, - { - "name" : "9194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive 
information (server name and version) via an HTTP request that generates certain errors such as 400 \"Bad Request,\" which leak the Server header in the response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29370", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29370" + }, + { + "name": "9194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9194" + }, + { + "name": "[WWW-Mobile-Code] 20030706 can - IIS Version Disclosure", + "refsource": "MLIST", + "url": "http://archives.neohapsis.com/archives/sf/www-mobile/2003-q3/0021.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1341.json b/2003/1xxx/CVE-2003-1341.json index a2a364ab6d8..19f168683a4 100644 --- a/2003/1xxx/CVE-2003-1341.json +++ b/2003/1xxx/CVE-2003-1341.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030114 Assorted Trend Vulns Rev 2.0", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html" - }, - { - "name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", - "refsource" : "CONFIRM", - "url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353" - }, - { - "name" : "6616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6616" - }, - { - "name" : "6181", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6181" - }, - { - "name" : "7881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7881" - }, - { - "name" : 
"officescan-cgichkmasterpwd-auth-bypass(11059)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6181", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6181" + }, + { + "name": "7881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7881" + }, + { + "name": "officescan-cgichkmasterpwd-auth-bypass(11059)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059" + }, + { + "name": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353", + "refsource": "CONFIRM", + "url": "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353" + }, + { + "name": "20030114 Assorted Trend Vulns Rev 2.0", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html" + }, + { + "name": "6616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6616" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0469.json b/2004/0xxx/CVE-2004-0469.json index d03b9f2109e..86a6ca57137 100644 --- a/2004/0xxx/CVE-2004-0469.json +++ b/2004/0xxx/CVE-2004-0469.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040504 ISAKMP Vulnerability", - "refsource" : "CHECKPOINT", - "url" : "http://www.checkpoint.com/techsupport/alerts/ike_vpn.html" - }, - { - "name" : "vpn1-isakmp-bo(16060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16060" - }, - { - "name" : "10273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, 
before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vpn1-isakmp-bo(16060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16060" + }, + { + "name": "20040504 ISAKMP Vulnerability", + "refsource": "CHECKPOINT", + "url": "http://www.checkpoint.com/techsupport/alerts/ike_vpn.html" + }, + { + "name": "10273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10273" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0688.json b/2004/0xxx/CVE-2004-0688.json index 590f0776e83..502d1137d62 100644 --- a/2004/0xxx/CVE-2004-0688.json +++ b/2004/0xxx/CVE-2004-0688.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040915 CESA-2004-004: libXpm", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109530851323415&w=2" - }, - { - "name" : "http://scary.beasts.org/security/CESA-2004-003.txt", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2004-003.txt" - }, - { - "name" : "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch", - "refsource" : "CONFIRM", - "url" : "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" - }, - { - "name" : "APPLE-SA-2005-05-03", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" 
- }, - { - "name" : "CLA-2005:924", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924" - }, - { - "name" : "DSA-560", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-560" - }, - { - "name" : "FLSA-2006:152803", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" - }, - { - "name" : "GLSA-200409-34", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" - }, - { - "name" : "GLSA-200502-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" - }, - { - "name" : "HPSBUX02119", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434715/100/0/threaded" - }, - { - "name" : "SSRT4848", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/434715/100/0/threaded" - }, - { - "name" : "MDKSA-2004:098", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" - }, - { - "name" : "RHSA-2004:537", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-537.html" - }, - { - "name" : "RHSA-2005:004", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-004.html" - }, - { - "name" : "57653", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" - }, - { - "name" : "SUSE-SA:2004:034", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" - }, - { - "name" : "USN-27-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/27-1/" - }, - { - "name" : "TA05-136A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" - }, - { - "name" : "VU#537878", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/537878" - }, - { - "name" : "11196", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11196" - }, - { - "name" : "oval:org.mitre.oval:def:11796", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" - }, - { - "name" : "ADV-2006-1914", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1914" - }, - { - "name" : "20235", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20235" - }, - { - "name" : "libxpm-xpmfile-integer-overflow(17416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#537878", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/537878" + }, + { + "name": "RHSA-2005:004", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-004.html" + }, + { + "name": "USN-27-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/27-1/" + }, + { + "name": "ADV-2006-1914", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1914" + }, + { + "name": "GLSA-200409-34", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml" + }, + { + "name": "TA05-136A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html" + }, + { + "name": "MDKSA-2004:098", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:098" + }, + { + "name": "HPSBUX02119", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" + }, + { + "name": "RHSA-2004:537", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html" + }, + { + "name": "20040915 CESA-2004-004: libXpm", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109530851323415&w=2" + }, + { + "name": "DSA-560", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-560" + }, + { + "name": "oval:org.mitre.oval:def:11796", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796" + }, + { + "name": "http://scary.beasts.org/security/CESA-2004-003.txt", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2004-003.txt" + }, + { + "name": "APPLE-SA-2005-05-03", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2005/May/msg00001.html" + }, + { + "name": "CLA-2005:924", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924" + }, + { + "name": "SUSE-SA:2004:034", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html" + }, + { + "name": "libxpm-xpmfile-integer-overflow(17416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17416" + }, + { + "name": "11196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11196" + }, + { + "name": "GLSA-200502-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml" + }, + { + "name": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch", + "refsource": "CONFIRM", + "url": "http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch" + }, + { + "name": "FLSA-2006:152803", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" + }, + { + "name": "20235", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20235" + }, + { + "name": "SSRT4848", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/434715/100/0/threaded" + }, + { + "name": "57653", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0801.json b/2004/0xxx/CVE-2004-0801.json index 0c892a2f1e8..0e82e5601c0 100644 --- a/2004/0xxx/CVE-2004-0801.json +++ b/2004/0xxx/CVE-2004-0801.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:880", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880" - }, - { - "name" : "MDKSA-2004:094", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:094" - }, - { - "name" : "SCOSA-2005.12", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt" - }, - { - "name" : "201005", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1" - }, - { - "name" : "1000757", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1" - }, - { - "name" : "SUSE-SA:2004:031", - "refsource" : "SUSE", - "url" : 
"http://www.novell.com/linux/security/advisories/2004_31_cups.html" - }, - { - "name" : "SUSE-SA:2006:026", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-May/0007.html" - }, - { - "name" : "2004-0047", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0047/" - }, - { - "name" : "11184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11184" - }, - { - "name" : "12557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12557/" - }, - { - "name" : "20312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20312" - }, - { - "name" : "foomatic-command-execution(17388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2004:031", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_31_cups.html" + }, + { + "name": "1000757", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000757.1-1" + }, + { + "name": "SCOSA-2005.12", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt" + }, + { + "name": "SUSE-SA:2006:026", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0007.html" + }, + { + "name": "foomatic-command-execution(17388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17388" + }, + { + "name": "CLA-2004:880", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000880" + }, + { + "name": "2004-0047", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0047/" + }, + { + "name": "MDKSA-2004:094", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:094" + }, + { + "name": "11184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11184" + }, + { + "name": "12557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12557/" + }, + { + "name": "201005", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201005-1" + }, + { + "name": "20312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20312" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0848.json b/2004/0xxx/CVE-2004-0848.json index c85d0b04b56..6ace5abc21f 100644 --- a/2004/0xxx/CVE-2004-0848.json +++ b/2004/0xxx/CVE-2004-0848.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) \"%00 (null byte) in .doc filenames or (2) \"%0a\" (carriage return) in .rtf filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS05-005", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005" - }, - { - "name" : "TA05-039A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" - }, - { - "name" : "VU#416001", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/416001" - }, - { - "name" : "oval:org.mitre.oval:def:2348", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348" - }, - { - "name" : "oval:org.mitre.oval:def:2738", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738" - }, - { - "name" : "oval:org.mitre.oval:def:4022", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022" - }, - { - "name" : "ms-url-bo(19107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) \"%00 (null byte) in .doc filenames or (2) \"%0a\" (carriage return) in .rtf filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#416001", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/416001" + }, + { + "name": "MS05-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-005" + }, + { + "name": "oval:org.mitre.oval:def:2738", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2738" + }, + { + "name": "oval:org.mitre.oval:def:2348", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2348" + }, + { + "name": "TA05-039A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" + }, + { + "name": "oval:org.mitre.oval:def:4022", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4022" + }, + { + "name": "ms-url-bo(19107)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/19107" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0965.json b/2004/0xxx/CVE-2004-0965.json index 0d4eefa2c48..63f471f61e7 100644 --- a/2004/0xxx/CVE-2004-0965.json +++ b/2004/0xxx/CVE-2004-0965.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041021 NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109837243713696&w=2" - }, - { - "name" : "http://www.nsfocus.com/english/homepage/research/0402.htm", - "refsource" : "MISC", - "url" : "http://www.nsfocus.com/english/homepage/research/0402.htm" - }, - { - "name" : "SSRT4807", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/7351" - }, - { - "name" : "11493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11493" - }, - { - "name" : "oval:org.mitre.oval:def:5538", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5538" - }, - { - "name" : "hpux-stmkfont-gain-privileges(17813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hpux-stmkfont-gain-privileges(17813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17813" + }, + { + "name": "11493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11493" + }, + { + "name": "20041021 NSFOCUS SA2004-02 : HP-UX stmkfont Local Privilege Escalation Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109837243713696&w=2" + }, + { + "name": "oval:org.mitre.oval:def:5538", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5538" + }, + { + "name": "SSRT4807", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/7351" + }, + { + "name": "http://www.nsfocus.com/english/homepage/research/0402.htm", + "refsource": "MISC", + "url": "http://www.nsfocus.com/english/homepage/research/0402.htm" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2134.json b/2004/2xxx/CVE-2004-2134.json index 1a25405f95e..0e08fb4b3fd 100644 --- a/2004/2xxx/CVE-2004-2134.json +++ b/2004/2xxx/CVE-2004-2134.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040128 Oracle toplink mapping workbench password algorithm", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107531028325112&w=2" - }, - { - "name" : "20040128 Re: Oracle toplink mapping workbench password algorithm", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/352315/30/21430/threaded" - }, - { - "name" : "20040128 Re: Oracle toplink mapping workbench password algorithm", - "refsource" : "VULN-DEV", - "url" : "http://www.securityfocus.com/archive/82/351719" - }, - { - "name" : "http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5", - "refsource" : "MISC", - "url" : "http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5" - }, - { - "name" : "9515", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/9515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9515" + }, + { + "name": "20040128 Re: Oracle toplink mapping workbench password algorithm", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/352315/30/21430/threaded" + }, + { + "name": "http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5", + "refsource": "MISC", + "url": "http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5" + }, + { + "name": "20040128 Oracle toplink mapping workbench password algorithm", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107531028325112&w=2" + }, + { + "name": "20040128 Re: Oracle toplink mapping workbench password algorithm", + "refsource": "VULN-DEV", + "url": "http://www.securityfocus.com/archive/82/351719" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2752.json b/2004/2xxx/CVE-2004-2752.json index bd86be28425..233bded7a88 100644 --- a/2004/2xxx/CVE-2004-2752.json +++ b/2004/2xxx/CVE-2004-2752.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040102 PostNuke Issues (0.726 && Possibly Older)", - "refsource" : "BUGTRAQ", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html" - }, - { - "name" : "http://www.gulftech.org/01032004.php", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/01032004.php" - }, - { - "name" : "1008629", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and 
possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008629", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008629" + }, + { + "name": "20040102 PostNuke Issues (0.726 && Possibly Older)", + "refsource": "BUGTRAQ", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0015.html" + }, + { + "name": "http://www.gulftech.org/01032004.php", + "refsource": "MISC", + "url": "http://www.gulftech.org/01032004.php" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2766.json b/2004/2xxx/CVE-2004-2766.json index 1d2472e5acc..4a634b5132c 100644 --- a/2004/2xxx/CVE-2004-2766.json +++ b/2004/2xxx/CVE-2004-2766.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified \"access\" to e-mail via a crafted e-mail message, related to a \"session hijacking\" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1" - }, - { - "name" : "201180", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201180-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified \"access\" 
to e-mail via a crafted e-mail message, related to a \"session hijacking\" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "201180", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201180-1" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-55-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2015.json b/2008/2xxx/CVE-2008-2015.json index c7ec47a86bb..cf9e8331566 100644 --- a/2008/2xxx/CVE-2008-2015.json +++ b/2008/2xxx/CVE-2008-2015.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5496", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5496" - }, - { - "name" : "28940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28940" - }, - { - "name" : "1019948", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019948" - }, - { - "name" : "appscan-activex-file-overwrite(42077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42077" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5496", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5496" + }, + { + "name": "28940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28940" + }, + { + "name": "1019948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019948" + }, + { + "name": "appscan-activex-file-overwrite(42077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42077" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2377.json b/2008/2xxx/CVE-2008-2377.json index 4b96274f78f..a1875b4a907 100644 --- a/2008/2xxx/CVE-2008-2377.json +++ b/2008/2xxx/CVE-2008-2377.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]", - "refsource" : "MLIST", - "url" : "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html" - }, - { - "name" : "[gnutls-devel] 20080630 GnuTLS 2.4.1", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947" - }, - { - "name" : "http://www.gnu.org/software/gnutls/security.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.gnu.org/software/gnutls/security.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2650", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2650" - }, - { - "name" : "30713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30713" - }, - { - "name" : "ADV-2008-2398", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2398" - }, - { - "name" : "31505", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31505" - }, - { - "name" : "gnutls-gnutlshandshake-code-execution(44486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[gnutls-devel] 20080630 GnuTLS 2.4.1", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2947" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2650", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2650" + }, + { + "name": "http://www.gnu.org/software/gnutls/security.html", + "refsource": "CONFIRM", + "url": "http://www.gnu.org/software/gnutls/security.html" + }, + { + "name": "[gnutls-devel] 20080630 Details on the gnutls_handshake local crash problem [GNUTLS-SA-2008-2]", + "refsource": "MLIST", + "url": "http://www.nabble.com/Details-on-the-gnutls_handshake-local-crash-problem--GNUTLS-SA-2008-2--td18205022.html" + }, + { + "name": "ADV-2008-2398", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2398" + }, + { + "name": "30713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30713" + }, + { + "name": "gnutls-gnutlshandshake-code-execution(44486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44486" + }, + { + "name": "31505", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31505" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2460.json b/2008/2xxx/CVE-2008-2460.json index b3bdceae96e..311f1aef88c 100644 --- a/2008/2xxx/CVE-2008-2460.json +++ b/2008/2xxx/CVE-2008-2460.json 
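Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which is a provenance change to the record rather than formatting, yet it sits among lines that otherwise differ only in spacing and reference order. The hunk for CVE-2012-0314 does the same with `"ASSIGNER": "vultures@jpcert.or.jp"`. Anyone using the assigner to decide which CNA owns a record will find this hard to spot in review. I would land the two `ASSIGNER` edits in a commit of their own, so that the reformat can be verified mechanically by comparing the parsed records before and after.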
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080520 Vbulletin 3.7.0 Gold >> Sql injection on faq.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492290/100/0/threaded" - }, - { - "name" : "29293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29293" - }, - { - "name" : "vbulletin-faq-sql-injection(42541)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vbulletin-faq-sql-injection(42541)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42541" + }, + { + "name": "29293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29293" + }, + { + "name": "20080520 Vbulletin 3.7.0 Gold >> Sql injection on faq.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492290/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2497.json b/2008/2xxx/CVE-2008-2497.json index e385057f24e..97e596e9867 100644 --- a/2008/2xxx/CVE-2008-2497.json +++ b/2008/2xxx/CVE-2008-2497.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.mambo-foundation.org/showthread.php?t=11799", - "refsource" : "CONFIRM", - "url" : "http://forum.mambo-foundation.org/showthread.php?t=11799" - }, - { - "name" : "29373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29373" - }, - { - "name" : "ADV-2008-1660", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1660/references" - }, - { - "name" : "30343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30343" - }, - { - "name" : "mambo-unspecified-response-splitting(42645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1660", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1660/references" + }, + { + "name": "29373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29373" + }, + { + "name": "http://forum.mambo-foundation.org/showthread.php?t=11799", + "refsource": "CONFIRM", + "url": "http://forum.mambo-foundation.org/showthread.php?t=11799" + }, + { + "name": "30343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30343" + }, + { + "name": "mambo-unspecified-response-splitting(42645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2521.json b/2008/2xxx/CVE-2008-2521.json index 7ae4e8e7756..f4458b39493 100644 --- a/2008/2xxx/CVE-2008-2521.json +++ b/2008/2xxx/CVE-2008-2521.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5598", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5598" - }, - { - "name" : "29167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29167" - }, - { - "name" : "30210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30210" - }, - { - "name" : "megafile-members-sql-injection(42355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows 
remote authenticated users to execute arbitrary SQL commands via the fid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "megafile-members-sql-injection(42355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42355" + }, + { + "name": "5598", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5598" + }, + { + "name": "29167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29167" + }, + { + "name": "30210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30210" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2695.json b/2008/2xxx/CVE-2008-2695.json index 56b426a9811..c3592805ef3 100644 --- a/2008/2xxx/CVE-2008-2695.json +++ b/2008/2xxx/CVE-2008-2695.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5754", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5754" - }, - { - "name" : "29597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29597" - }, - { - "name" : "phpinv-entry-file-include(42926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29597" + }, + { + "name": "phpinv-entry-file-include(42926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42926" + }, + { + "name": "5754", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5754" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0314.json b/2012/0xxx/CVE-2012-0314.json index ac05f8e73b0..5942ed212a4 100644 --- a/2012/0xxx/CVE-2012-0314.json +++ b/2012/0xxx/CVE-2012-0314.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-0314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://emobile.jp/topics/info20120201_01.html", - "refsource" : "CONFIRM", - "url" : "http://emobile.jp/topics/info20120201_01.html" - }, - { - "name" : "JVN#33021167", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN33021167/index.html" - }, - { - "name" : "JVNDB-2012-000010", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000010" - }, - { - "name" : "51782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51782" - }, - { - "name" : "47795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47795" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51782" + }, + { + "name": "47795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47795" + }, + { + "name": "JVNDB-2012-000010", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000010" + }, + { + "name": "http://emobile.jp/topics/info20120201_01.html", + "refsource": "CONFIRM", + "url": "http://emobile.jp/topics/info20120201_01.html" + }, + { + "name": "JVN#33021167", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN33021167/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1354.json b/2012/1xxx/CVE-2012-1354.json index 0b5eecc4645..3e2334a156c 100644 --- a/2012/1xxx/CVE-2012-1354.json +++ b/2012/1xxx/CVE-2012-1354.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1354", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1354", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1429.json b/2012/1xxx/CVE-2012-1429.json index d616643fbcc..a857c822b33 100644 --- a/2012/1xxx/CVE-2012-1429.json +++ b/2012/1xxx/CVE-2012-1429.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "multiple-av-elf-ustar-evasion(74244)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "multiple-av-elf-ustar-evasion(74244)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74244" + }, + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1538.json b/2012/1xxx/CVE-2012-1538.json index 6f4b9a81e05..cd307f168cc 100644 --- a/2012/1xxx/CVE-2012-1538.json +++ b/2012/1xxx/CVE-2012-1538.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka \"CFormElement Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-071" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "56420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56420" - }, - { - "name" : "oval:org.mitre.oval:def:15677", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15677" - }, - { - "name" : "1027749", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027749" - }, - { - "name" : "51202", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/51202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka \"CFormElement Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027749", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027749" + }, + { + "name": "oval:org.mitre.oval:def:15677", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15677" + }, + { + "name": "MS12-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-071" + }, + { + "name": "51202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51202" + }, + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + }, + { + "name": "56420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56420" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5403.json b/2012/5xxx/CVE-2012-5403.json index bae2a4f6471..6e76351d320 100644 --- a/2012/5xxx/CVE-2012-5403.json +++ b/2012/5xxx/CVE-2012-5403.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5403", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5403", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5633.json b/2012/5xxx/CVE-2012-5633.json index 2afda73f857..5ee6258e60f 100644 --- a/2012/5xxx/CVE-2012-5633.json +++ b/2012/5xxx/CVE-2012-5633.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130208 New security advisories for Apache CXF", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Feb/39" - }, - { - "name" : "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html" - }, - { - "name" : "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests", - "refsource" : "MISC", - "url" : 
"http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests" - }, - { - "name" : "https://issues.jboss.org/browse/JBWS-3575", - "refsource" : "MISC", - "url" : "https://issues.jboss.org/browse/JBWS-3575" - }, - { - "name" : "http://cxf.apache.org/cve-2012-5633.html", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/cve-2012-5633.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1409324", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1409324" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1420698", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1420698" - }, - { - "name" : "https://issues.apache.org/jira/browse/CXF-4629", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/CXF-4629" - }, - { - "name" : "RHSA-2013:0256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0256.html" - }, - { - "name" : "RHSA-2013:0257", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0257.html" - }, - { - "name" : "RHSA-2013:0258", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0258.html" - }, - { - "name" : "RHSA-2013:0259", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0259.html" - }, - { - "name" : "RHSA-2013:0726", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0726.html" - }, - { - "name" : "RHSA-2013:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0743.html" - }, - { - "name" : "RHSA-2013:0749", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0749.html" - }, - { - "name" : "57874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57874" - }, - { - "name" : "90079", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/90079" - }, - { - 
"name" : "51988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51988" - }, - { - "name" : "52183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52183" - }, - { - "name" : "apachecxf-wssecurity-security-bypass(81980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51988" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1409324", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1409324" + }, + { + "name": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests", + "refsource": "MISC", + "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests" + }, + { + "name": "20130208 New security advisories for Apache CXF", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Feb/39" + }, + { + "name": "RHSA-2013:0256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" + }, + { + "name": "90079", + "refsource": "OSVDB", + "url": "http://osvdb.org/90079" + }, + { + "name": "RHSA-2013:0257", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" 
+ }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1420698", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1420698" + }, + { + "name": "https://issues.jboss.org/browse/JBWS-3575", + "refsource": "MISC", + "url": "https://issues.jboss.org/browse/JBWS-3575" + }, + { + "name": "57874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57874" + }, + { + "name": "https://issues.apache.org/jira/browse/CXF-4629", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/CXF-4629" + }, + { + "name": "RHSA-2013:0258", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" + }, + { + "name": "52183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52183" + }, + { + "name": "RHSA-2013:0749", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html" + }, + { + "name": "RHSA-2013:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" + }, + { + "name": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html" + }, + { + "name": "http://cxf.apache.org/cve-2012-5633.html", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/cve-2012-5633.html" + }, + { + "name": "apachecxf-wssecurity-security-bypass(81980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980" + }, + { + "name": "RHSA-2013:0259", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" + }, + { + "name": "RHSA-2013:0726", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5967.json b/2012/5xxx/CVE-2012-5967.json index 290e8432fdf..f8e5f891e23 100644 
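Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line is either a spacing change (`"key" : ` to `"key": `) or a reordering of the `reference_data` entries. A provenance field that changes inside what otherwise reads as a formatting pass is easy to miss in review, and consumers that attribute or filter records by assigner will see a different owner for CVE-2012-5633 with nothing in the diff to explain it. The CVE-2012-5967 hunk does the same with `cert@cert.org`. I would put the assigner corrections in their own commit, or name them in the commit message, and keep the reference order stable so that the real changes are the only ones left in the diff.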
--- a/2012/5xxx/CVE-2012-5967.json +++ b/2012/5xxx/CVE-2012-5967.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 allows remote authenticated users to execute arbitrary SQL commands via the menu parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-5967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forge.centreon.com/projects/centreon/repository/revisions/13749", - "refsource" : "MISC", - "url" : "http://forge.centreon.com/projects/centreon/repository/revisions/13749" - }, - { - "name" : "VU#856892", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/856892" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 allows remote authenticated users to execute arbitrary SQL commands via the menu parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#856892", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/856892" + }, + { + "name": "http://forge.centreon.com/projects/centreon/repository/revisions/13749", + "refsource": "MISC", + "url": "http://forge.centreon.com/projects/centreon/repository/revisions/13749" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11057.json b/2017/11xxx/CVE-2017-11057.json index d6df88c57f4..d7a3e516fb5 100644 --- a/2017/11xxx/CVE-2017-11057.json +++ b/2017/11xxx/CVE-2017-11057.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-11057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-11057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux 
kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11119.json b/2017/11xxx/CVE-2017-11119.json index d915e00ada6..631a7da6cb3 100644 --- a/2017/11xxx/CVE-2017-11119.json +++ b/2017/11xxx/CVE-2017-11119.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/78", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/78" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a in Nosefart 2.9-mls allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted nsf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/78", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/78" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11801.json b/2017/11xxx/CVE-2017-11801.json index f049eae0af5..8ae5748556d 100644 --- a/2017/11xxx/CVE-2017-11801.json +++ b/2017/11xxx/CVE-2017-11801.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11801", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11801" - }, - { - "name" : "101146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101146" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11801", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11801" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11826.json b/2017/11xxx/CVE-2017-11826.json index 165a2e7c595..ab9d10b3d61 100644 --- a/2017/11xxx/CVE-2017-11826.json +++ b/2017/11xxx/CVE-2017-11826.json 
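Review bot: The `description` value for CVE-2017-11801 contradicts itself on the new side: it says the flaw lets an attacker `execute arbitrary code in the context of the current user`, then gives the alias `Scripting Engine Information Disclosure Vulnerability`, while `problemtype` says `Remote Code Execution`. The reformat carries this over unchanged. Triage rules keyed on the alias text would rate this record as an information leak rather than code execution, so the alias should be checked against the MSRC advisory listed under `references` and corrected in the record.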
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, Office Online Server." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/", - "refsource" : "MISC", - "url" : "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/" - }, - { - "name" : "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", - "refsource" : "MISC", - "url" : "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/" - }, - { - "name" : "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html", - "refsource" : "MISC", - "url" : "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826" - }, - { - "name" : "101219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101219" - }, - { - "name" : "1039541", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11826" + }, + { + "name": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html", + "refsource": "MISC", + "url": "https://0patch.blogspot.com/2017/11/0patching-pretty-nasty-microsoft-word.html" + }, + { + "name": "101219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101219" + }, + { + "name": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/", + "refsource": "MISC", + "url": "https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/" + }, + { + "name": "1039541", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039541" + }, + { + "name": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/", + "refsource": "MISC", + "url": "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3025.json b/2017/3xxx/CVE-2017-3025.json index e17f86936be..756923d6734 100644 --- a/2017/3xxx/CVE-2017-3025.json +++ b/2017/3xxx/CVE-2017-3025.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97556" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97556" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3338.json b/2017/3xxx/CVE-2017-3338.json index 5c46afbaca0..5c714a885d3 100644 --- a/2017/3xxx/CVE-2017-3338.json +++ b/2017/3xxx/CVE-2017-3338.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95500" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3738.json b/2017/3xxx/CVE-2017-3738.json index cd676e826dc..ee5e82517e0 100644 --- a/2017/3xxx/CVE-2017-3738.json +++ b/2017/3xxx/CVE-2017-3738.json 
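Review bot: In the CVE-2017-3338 record the `problemtype` description value is the CVSS vector `CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N`, which is a severity score and not a weakness class. The value is carried over unchanged from the old side. Consumers that read `problemtype` to classify the flaw get a string they cannot map to a weakness. The field should carry a weakness description, or `"value": "n/a"` as other records in this commit do when none is known. The vector would then move to a dedicated scoring field, if the record format in use provides one.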
@@ -1,186 +1,186 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2017-12-07T00:00:00", - "ID" : "CVE-2017-3738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.2-1.02m" - }, - { - "version_value" : "1.1.0-1.1.0g" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "carry-propagating bug" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2017-12-07T00:00:00", + "ID": "CVE-2017-3738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "1.0.2-1.02m" + }, + { + "version_value": "1.1.0-1.1.0g" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a", - "refsource" : "MISC", - "url" : "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a" - }, - { - "name" : "https://www.openssl.org/news/secadv/20171207.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20171207.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171208-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171208-0001/" - }, - { - "name" : "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-16", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-16" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://www.openssl.org/news/secadv/20180327.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20180327.txt" - }, - { - "name" : 
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-04", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-04" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-06", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-06" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-07", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-07" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-4065", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4065" - }, - { - "name" : "DSA-4157", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4157" - }, - { - "name" : "FreeBSD-SA-17:12", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc" - }, - { - "name" : "GLSA-201712-03", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201712-03" - }, - { - "name" : "RHSA-2018:0998", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0998" - }, - { - "name" : "RHSA-2018:2185", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2185" - }, - { - "name" : "RHSA-2018:2186", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2186" - }, - { - "name" : "RHSA-2018:2187", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2187" - }, - { - "name" : "102118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102118" - }, - { - "name" : "1039978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. 
Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "carry-propagating bug" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/tns-2018-07", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-07" + }, + { + "name": "https://www.tenable.com/security/tns-2018-04", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-04" + }, + { + "name": "RHSA-2018:2185", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2185" + }, + { + "name": "RHSA-2018:2186", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2186" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "FreeBSD-SA-17:12", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc" + }, + { + "name": "GLSA-201712-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-03" + }, + { + "name": "1039978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039978" + }, + { + 
"name": "DSA-4157", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4157" + }, + { + "name": "https://www.openssl.org/news/secadv/20171207.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20171207.txt" + }, + { + "name": "RHSA-2018:0998", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0998" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a", + "refsource": "MISC", + "url": "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a" + }, + { + "name": "https://www.tenable.com/security/tns-2018-06", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-06" + }, + { + "name": "DSA-4065", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4065" + }, + { + "name": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "102118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102118" + }, + { + "name": "https://www.tenable.com/security/tns-2017-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-16" + }, + { + "name": "https://www.openssl.org/news/secadv/20180327.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20180327.txt" + }, + { + "name": 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us" + }, + { + "name": "RHSA-2018:2187", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2187" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171208-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171208-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3749.json b/2017/3xxx/CVE-2017-3749.json index 8f2a1a60cef..69c593faeaa 100644 --- a/2017/3xxx/CVE-2017-3749.json +++ b/2017/3xxx/CVE-2017-3749.json 
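Review bot: The first `version_value` in the CVE-2017-3738 record still reads `"1.0.2-1.02m"` on the new side, while the description in the same record gives the affected range as 1.0.2-1.0.2m. The typo is carried over from the old side. A scanner that parses `version_data` and not the free-text description can fail to match 1.0.2 builds against this entry. Suggested line: `"version_value": "1.0.2-1.0.2m"`.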
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2017-06-28T00:00:00", - "ID" : "CVE-2017-3749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lenovo Vibe and Lenovo China-only Moto Mobile Phones", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 6.0" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2017-06-28T00:00:00", + "ID": "CVE-2017-3749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lenovo Vibe and Lenovo China-only Moto Mobile Phones", + "version": { + "version_data": [ + { + "version_value": "Earlier than 6.0" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-15823", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-15823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-15823", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-15823" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3993.json b/2017/3xxx/CVE-2017-3993.json index b5b268fcc58..a68927c6d79 100644 --- a/2017/3xxx/CVE-2017-3993.json +++ b/2017/3xxx/CVE-2017-3993.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-3993",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-3993",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7095.json b/2017/7xxx/CVE-2017-7095.json
index 35d9dc4e837..74105f13bc7 100644
--- a/2017/7xxx/CVE-2017-7095.json
+++ b/2017/7xxx/CVE-2017-7095.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "101006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101006" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "101006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101006" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7204.json b/2017/7xxx/CVE-2017-7204.json index 62f8dc7dd9c..47cc9571d33 100644 --- a/2017/7xxx/CVE-2017-7204.json +++ b/2017/7xxx/CVE-2017-7204.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the \"imdbphp-master/demo/search.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/tboothman/imdbphp/issues/88", - "refsource" : "CONFIRM", - "url" : "https://github.com/tboothman/imdbphp/issues/88" - }, - { - "name" : "97002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the \"imdbphp-master/demo/search.php\" URL. 
An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97002" + }, + { + "name": "https://github.com/tboothman/imdbphp/issues/88", + "refsource": "CONFIRM", + "url": "https://github.com/tboothman/imdbphp/issues/88" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7221.json b/2017/7xxx/CVE-2017-7221.json index 825711525de..acfbbdd934f 100644 --- a/2017/7xxx/CVE-2017-7221.json +++ b/2017/7xxx/CVE-2017-7221.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41928", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41928/" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Apr/97", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Apr/97" - }, - { - "name" : "98038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Apr/97", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/97" + }, + { + "name": "41928", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41928/" + }, + { + "name": "98038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98038" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7483.json b/2017/7xxx/CVE-2017-7483.json index bdefffff86e..345c516ff9b 100644 --- a/2017/7xxx/CVE-2017-7483.json +++ b/2017/7xxx/CVE-2017-7483.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rxvt", - "version" : { - "version_data" : [ - { - "version_value" : "2.7.10" - } - ] - } - } - ] - }, - "vendor_name" : "The RXVT Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer that eventually leads to a segfault due to an out of bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rxvt", + "version": { + "version_data": [ + { + "version_value": "2.7.10" + } + ] + } + } + ] + }, + "vendor_name": "The RXVT Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170501 Integer Overflow in rxvt", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/01/15" - }, - { - "name" : "[oss-security] 20170501 Re: Integer Overflow in rxvt", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/01/18" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the value -2^31 inside a terminal escape code, which results in a non-invertible integer 
that eventually leads to a segfault due to an out of bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170501 Integer Overflow in rxvt", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/01/15" + }, + { + "name": "[oss-security] 20170501 Re: Integer Overflow in rxvt", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/01/18" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7898.json b/2017/7xxx/CVE-2017-7898.json index 533ef525c99..147e44619a6 100644 --- a/2017/7xxx/CVE-2017-7898.json +++ b/2017/7xxx/CVE-2017-7898.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400", - "version" : { - "version_data" : [ - { - "version_value" : "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-307" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400", + "version": { + "version_data": [ + { + "version_value": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04" - }, - { - "name" : "1038546", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. 
There are no penalties for repeatedly entering incorrect passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-307" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038546", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038546" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8336.json b/2017/8xxx/CVE-2017-8336.json index 267390f2cad..4fb6228b5f5 100644 --- a/2017/8xxx/CVE-2017-8336.json +++ b/2017/8xxx/CVE-2017-8336.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8336", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8336", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8709.json b/2017/8xxx/CVE-2017-8709.json index 6587bafb595..1b65165c132 100644 --- a/2017/8xxx/CVE-2017-8709.json +++ b/2017/8xxx/CVE-2017-8709.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows kernel", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8709", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8709" - }, - { - "name" : "100792", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100792" - }, - { - "name" : "1039325", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100792", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100792" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8709", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8709" + }, + { + "name": "1039325", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039325" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8873.json b/2017/8xxx/CVE-2017-8873.json index 198956f909a..587d1892765 100644 --- a/2017/8xxx/CVE-2017-8873.json +++ b/2017/8xxx/CVE-2017-8873.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8873", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8873", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/8xxx/CVE-2017-8883.json b/2017/8xxx/CVE-2017-8883.json index 418577c4109..6ee1cb0c0da 100644 --- a/2017/8xxx/CVE-2017-8883.json +++ b/2017/8xxx/CVE-2017-8883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10622.json b/2018/10xxx/CVE-2018-10622.json index 274c50487ac..52ee0b6dd23 100644 --- a/2018/10xxx/CVE-2018-10622.json +++ b/2018/10xxx/CVE-2018-10622.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-07T00:00:00", - "ID" : "CVE-2018-10622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Medtronic MyCareLink 24950, 24952 Patient Monitor", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-07T00:00:00", + "ID": "CVE-2018-10622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Medtronic MyCareLink 24950, 24952 Patient Monitor", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01" - }, - { - "name" : "105042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105042" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10633.json b/2018/10xxx/CVE-2018-10633.json index 2b2e2ff3b34..251cbef4ac7 100644 --- a/2018/10xxx/CVE-2018-10633.json +++ b/2018/10xxx/CVE-2018-10633.json 
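Review bot: In CVE-2018-10622.json the new side still carries `"vendor_name": "ICS-CERT"`, which names the assigning CNA rather than the maker of the product listed as "Medtronic MyCareLink 24950, 24952 Patient Monitor". Anyone matching affected assets by vendor will not find this record under Medtronic, which matters for a patient monitor with recoverable credentials. Since this commit rewrites every line of the file anyway, the field could be corrected to `"vendor_name": "Medtronic"`; the ASSIGNER field already records ics-cert@hq.dhs.gov as the source.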
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-10T00:00:00", - "ID" : "CVE-2018-10633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Universal Robots Robot Controller version CB 3.1, SW Version 3.4.5-100", - "version" : { - "version_data" : [ - { - "version_value" : "Universal Robots Robot Controller version CB 3.1, SW Version 3.4.5-100" - } - ] - } - } - ] - }, - "vendor_name" : "Universal Robots" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "USE OF HARD-CODED CREDENTIALS CWE-798" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-10T00:00:00", + "ID": "CVE-2018-10633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Universal Robots Robot Controller version CB 3.1, SW Version 3.4.5-100", + "version": { + "version_data": [ + { + "version_value": "Universal Robots Robot Controller version CB 3.1, SW Version 3.4.5-100" + } + ] + } + } + ] + }, + "vendor_name": "Universal Robots" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01" - }, - { - "name" : "104710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104710" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10735.json b/2018/10xxx/CVE-2018-10735.json index fa310491b82..f3688464fec 100644 --- a/2018/10xxx/CVE-2018-10735.json +++ b/2018/10xxx/CVE-2018-10735.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seebug.org/vuldb/ssvid-97265", - "refsource" : "MISC", - "url" : "https://www.seebug.org/vuldb/ssvid-97265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.seebug.org/vuldb/ssvid-97265", + "refsource": "MISC", + "url": "https://www.seebug.org/vuldb/ssvid-97265" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10903.json b/2018/10xxx/CVE-2018-10903.json index bb20934273b..ad66d45ff3f 100644 --- a/2018/10xxx/CVE-2018-10903.json +++ b/2018/10xxx/CVE-2018-10903.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "python-cryptography", - "version" : { - "version_data" : [ - { - "version_value" : "2.3" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "python-cryptography", + "version": { + "version_data": [ + { + "version_value": "2.3" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903" - }, - { - "name" : "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef", - "refsource" : "CONFIRM", - "url" 
: "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef" - }, - { - "name" : "RHSA-2018:3600", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3600" - }, - { - "name" : "USN-3720-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3720-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3600", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3600" + }, + { + "name": "USN-3720-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3720-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903" + }, + { + "name": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef", + "refsource": "CONFIRM", + "url": "https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef" + } + ] + } +} \ No newline at end of file 
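Review bot: The `vectorString` kept on the new side of CVE-2018-10903.json, `"7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"`, is not a valid CVSS v3.0 vector because the base score is prepended; a vector starts with the `CVSS:3.0/` prefix, so strict parsers will reject it or misread the score. I would store `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"` and carry 7.5 in its own numeric field such as `"baseScore": 7.5`. The `affects` block also lists `"version_value": "2.3"` while the description says versions >=1.9.0 and <2.3 are affected, so tools reading only the structured data would likely flag the fixed release and miss the vulnerable range; that looks worth correcting in the same pass.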
diff --git a/2018/10xxx/CVE-2018-10991.json b/2018/10xxx/CVE-2018-10991.json index a4c7f8465b1..821b776d9eb 100644 --- a/2018/10xxx/CVE-2018-10991.json +++ b/2018/10xxx/CVE-2018-10991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10991", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10990. Reason: This candidate is a reservation duplicate of CVE-2018-10990. Notes: All CVE users should reference CVE-2018-10990 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-10991", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10990. Reason: This candidate is a reservation duplicate of CVE-2018-10990. Notes: All CVE users should reference CVE-2018-10990 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12694.json b/2018/12xxx/CVE-2018-12694.json index 4749ddb9780..c25e028ccb2 100644 --- a/2018/12xxx/CVE-2018-12694.json +++ b/2018/12xxx/CVE-2018-12694.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc", - "refsource" : "MISC", - "url" : "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc", + "refsource": "MISC", + "url": "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13316.json b/2018/13xxx/CVE-2018-13316.json index 60a1039bc86..dca786e3104 100644 --- a/2018/13xxx/CVE-2018-13316.json +++ b/2018/13xxx/CVE-2018-13316.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the \"subnet\" POST parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the \"subnet\" POST parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13410.json b/2018/13xxx/CVE-2018-13410.json index f77f17cab85..8a4612d3d73 100644 --- a/2018/13xxx/CVE-2018-13410.json +++ b/2018/13xxx/CVE-2018-13410.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2018/Jul/24", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/24" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified 
other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2018/Jul/24", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/24" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13531.json b/2018/13xxx/CVE-2018-13531.json index 56a172def4a..0ad697c6e6c 100644 --- a/2018/13xxx/CVE-2018-13531.json +++ b/2018/13xxx/CVE-2018-13531.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MaxHouse", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MaxHouse" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MaxHouse, an Ethereum token, has an 
integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MaxHouse", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MaxHouse" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13724.json b/2018/13xxx/CVE-2018-13724.json index 1ddd99a3fba..c20dceeb02f 100644 --- a/2018/13xxx/CVE-2018-13724.json +++ b/2018/13xxx/CVE-2018-13724.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPCrowdsale1", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPCrowdsale1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mint function of a smart contract implementation for HYIPCrowdsale1, an Ethereum 
token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPCrowdsale1", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPCrowdsale1" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13795.json b/2018/13xxx/CVE-2018-13795.json index ba3de98659e..0f74108e3da 100644 --- a/2018/13xxx/CVE-2018-13795.json +++ b/2018/13xxx/CVE-2018-13795.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13795",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Gravity before 0.5.1 does not support a maximum recursion depth."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13795",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/marcobambini/gravity/issues/237",
- "refsource" : "MISC",
- "url" : "https://github.com/marcobambini/gravity/issues/237"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Gravity before 0.5.1 does not support a maximum recursion depth."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/marcobambini/gravity/issues/237",
+ "refsource": "MISC",
+ "url": "https://github.com/marcobambini/gravity/issues/237"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17305.json b/2018/17xxx/CVE-2018-17305.json
index 00fe92d1d95..7fd9bb4fbbb 100644
--- a/2018/17xxx/CVE-2018-17305.json
+++ b/2018/17xxx/CVE-2018-17305.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17305",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17305",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17706.json b/2018/17xxx/CVE-2018-17706.json
index ec6f52882c9..7d051182121 100644
--- a/2018/17xxx/CVE-2018-17706.json
+++ b/2018/17xxx/CVE-2018-17706.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit PhantomPDF", - "version" : { - "version_data" : [ - { - "version_value" : "Phantom PDF 9.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787-Out-of-bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "Phantom PDF 9.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-1095", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-1095" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fxhtml2pdf. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6230." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787-Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-1095", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-1095" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17740.json b/2018/17xxx/CVE-2018-17740.json index a010873c6ab..fb1dd552b77 100644 --- a/2018/17xxx/CVE-2018-17740.json +++ b/2018/17xxx/CVE-2018-17740.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17867.json b/2018/17xxx/CVE-2018-17867.json index e64b8765d73..c4daf9bdcd0 100644 --- a/2018/17xxx/CVE-2018-17867.json 
+++ b/2018/17xxx/CVE-2018-17867.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/", - "refsource" : "MISC", - "url" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/", + "refsource": "MISC", + "url": "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17947.json b/2018/17xxx/CVE-2018-17947.json index b5286fc9133..fa49640b711 100644 --- a/2018/17xxx/CVE-2018-17947.json +++ b/2018/17xxx/CVE-2018-17947.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.defensecode.com/advisories/DC-2018-05-006_WordPress_Snazzy_Maps_Plugin_Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.defensecode.com/advisories/DC-2018-05-006_WordPress_Snazzy_Maps_Plugin_Advisory.pdf" - }, - { - "name" : "https://seclists.org/bugtraq/2018/Jul/72", - "refsource" : "MISC", - "url" : "https://seclists.org/bugtraq/2018/Jul/72" - }, - { - "name" : "https://wordpress.org/plugins/snazzy-maps/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/snazzy-maps/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Snazzy Maps plugin before 1.1.5 for WordPress has XSS via the text or tab parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://seclists.org/bugtraq/2018/Jul/72", + "refsource": "MISC", + "url": "https://seclists.org/bugtraq/2018/Jul/72" + }, + { + "name": "https://wordpress.org/plugins/snazzy-maps/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/snazzy-maps/#developers" + }, + { + "name": "http://www.defensecode.com/advisories/DC-2018-05-006_WordPress_Snazzy_Maps_Plugin_Advisory.pdf", + "refsource": "MISC", + "url": "http://www.defensecode.com/advisories/DC-2018-05-006_WordPress_Snazzy_Maps_Plugin_Advisory.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9650.json b/2018/9xxx/CVE-2018-9650.json index 452a0cf5030..5868f092e1c 100644 --- a/2018/9xxx/CVE-2018-9650.json +++ b/2018/9xxx/CVE-2018-9650.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9650", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9650", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/9xxx/CVE-2018-9882.json b/2018/9xxx/CVE-2018-9882.json
index b0ae528007f..313c51afe5e 100644
--- a/2018/9xxx/CVE-2018-9882.json
+++ b/2018/9xxx/CVE-2018-9882.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9882",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9882",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file