diff --git a/2002/0xxx/CVE-2002-0072.json b/2002/0xxx/CVE-2002-0072.json
index 6a94907629d..f5203746c45 100644
--- a/2002/0xxx/CVE-2002-0072.json
+++ b/2002/0xxx/CVE-2002-0072.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0072",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0072",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101853851025208&w=2"
- },
- {
- "name" : "MS02-018",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
- },
- {
- "name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
- "refsource" : "CISCO",
- "url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
- },
- {
- "name" : "CA-2002-09",
- "refsource" : "CERT",
- "url" : "http://www.cert.org/advisories/CA-2002-09.html"
- },
- {
- "name" : "VU#521059",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/521059"
- },
- {
- "name" : "iis-isapi-filter-error-dos(8800)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8800.php"
- },
- {
- "name" : "4479",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4479"
- },
- {
- "name" : "3326",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/3326"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "4479",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4479"
+ },
+ {
+ "name": "VU#521059",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/521059"
+ },
+ {
+ "name": "iis-isapi-filter-error-dos(8800)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8800.php"
+ },
+ {
+ "name": "20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101853851025208&w=2"
+ },
+ {
+ "name": "MS02-018",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
+ },
+ {
+ "name": "3326",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/3326"
+ },
+ {
+ "name": "CA-2002-09",
+ "refsource": "CERT",
+ "url": "http://www.cert.org/advisories/CA-2002-09.html"
+ },
+ {
+ "name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
+ "refsource": "CISCO",
+ "url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0112.json b/2002/0xxx/CVE-2002-0112.json
index 23115cc8f77..87dbc486120 100644
--- a/2002/0xxx/CVE-2002-0112.json
+++ b/2002/0xxx/CVE-2002-0112.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0112",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0112",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101062172226812&w=2"
- },
- {
- "name" : "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
- "refsource" : "NTBUGTRAQ",
- "url" : "http://marc.info/?l=ntbugtraq&m=101062823505486&w=2"
- },
- {
- "name" : "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0010.html"
- },
- {
- "name" : "20020111 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/249734"
- },
- {
- "name" : "3838",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3838"
- },
- {
- "name" : "eserv-protected-file-access(7849)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7849.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0010.html"
+ },
+ {
+ "name": "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
+ "refsource": "NTBUGTRAQ",
+ "url": "http://marc.info/?l=ntbugtraq&m=101062823505486&w=2"
+ },
+ {
+ "name": "3838",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3838"
+ },
+ {
+ "name": "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101062172226812&w=2"
+ },
+ {
+ "name": "20020111 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/249734"
+ },
+ {
+ "name": "eserv-protected-file-access(7849)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7849.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0113.json b/2002/0xxx/CVE-2002-0113.json
index 1eb49508d9e..a0e3b434016 100644
--- a/2002/0xxx/CVE-2002-0113.json
+++ b/2002/0xxx/CVE-2002-0113.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0113",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0113",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020110 Legato Vulnerable",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/249420"
- },
- {
- "name" : "3840",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3840"
- },
- {
- "name" : "legato-nsrd-log-permissions(7897)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7897.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020110 Legato Vulnerable",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/249420"
+ },
+ {
+ "name": "3840",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3840"
+ },
+ {
+ "name": "legato-nsrd-log-permissions(7897)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7897.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0590.json b/2002/0xxx/CVE-2002-0590.json
index 0c9067fc46d..586fce19c8f 100644
--- a/2002/0xxx/CVE-2002-0590.json
+++ b/2002/0xxx/CVE-2002-0590.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0590",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0590",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020419 [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html"
- },
- {
- "name" : "4548",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4548"
- },
- {
- "name" : "incredibb-html-css(8879)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8879.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "incredibb-html-css(8879)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8879.php"
+ },
+ {
+ "name": "20020419 [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html"
+ },
+ {
+ "name": "4548",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4548"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1004.json b/2002/1xxx/CVE-2002-1004.json
index f14234d7a38..11d90b13397 100644
--- a/2002/1xxx/CVE-2002-1004.json
+++ b/2002/1xxx/CVE-2002-1004.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1004",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1004",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html"
- },
- {
- "name" : "http://www.argosoft.com/applications/mailserver/changelist.asp",
- "refsource" : "CONFIRM",
- "url" : "http://www.argosoft.com/applications/mailserver/changelist.asp"
- },
- {
- "name" : "5144",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5144"
- },
- {
- "name" : "argosoft-dotdot-directory-traversal(9477)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9477.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.argosoft.com/applications/mailserver/changelist.asp",
+ "refsource": "CONFIRM",
+ "url": "http://www.argosoft.com/applications/mailserver/changelist.asp"
+ },
+ {
+ "name": "20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html"
+ },
+ {
+ "name": "5144",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5144"
+ },
+ {
+ "name": "argosoft-dotdot-directory-traversal(9477)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9477.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1122.json b/2002/1xxx/CVE-2002-1122.json
index 162ca631077..4f213a6a97e 100644
--- a/2002/1xxx/CVE-2002-1122.json
+++ b/2002/1xxx/CVE-2002-1122.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1122",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1122",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020918 Flaw in Internet Scanner Parsing Mechanism",
- "refsource" : "ISS",
- "url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165"
- },
- {
- "name" : "is-http-response-bo(10130)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10130.php"
- },
- {
- "name" : "5738",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5738"
- },
- {
- "name" : "3150",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/3150"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020918 Flaw in Internet Scanner Parsing Mechanism",
+ "refsource": "ISS",
+ "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165"
+ },
+ {
+ "name": "5738",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5738"
+ },
+ {
+ "name": "3150",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/3150"
+ },
+ {
+ "name": "is-http-response-bo(10130)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10130.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1692.json b/2002/1xxx/CVE-2002-1692.json
index 4dd3db7c3da..665dc390fdf 100644
--- a/2002/1xxx/CVE-2002-1692.json
+++ b/2002/1xxx/CVE-2002-1692.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1692",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1692",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.securitytracker.com/alerts/2002/Jan/1003201.html",
- "refsource" : "MISC",
- "url" : "http://www.securitytracker.com/alerts/2002/Jan/1003201.html"
- },
- {
- "name" : "win95-backup-bo(7892)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7892"
- },
- {
- "name" : "3864",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3864"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "win95-backup-bo(7892)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7892"
+ },
+ {
+ "name": "http://www.securitytracker.com/alerts/2002/Jan/1003201.html",
+ "refsource": "MISC",
+ "url": "http://www.securitytracker.com/alerts/2002/Jan/1003201.html"
+ },
+ {
+ "name": "3864",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3864"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1744.json b/2002/1xxx/CVE-2002-1744.json
index ccfaadd2584..1d84fb975c3 100644
--- a/2002/1xxx/CVE-2002-1744.json
+++ b/2002/1xxx/CVE-2002-1744.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1744",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded \"%c0%ae%c0%ae\" string, which is the Unicode representation for \"..\" (dot dot)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1744",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020417 Microsoft IIS 5.0 CodeBrws.asp Source Disclosure",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/267945"
- },
- {
- "name" : "20020417 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/268065"
- },
- {
- "name" : "4525",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4525"
- },
- {
- "name" : "iis-codebrws-view-source(8853)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8853"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded \"%c0%ae%c0%ae\" string, which is the Unicode representation for \"..\" (dot dot)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "iis-codebrws-view-source(8853)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8853"
+ },
+ {
+ "name": "20020417 Microsoft IIS 5.0 CodeBrws.asp Source Disclosure",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/267945"
+ },
+ {
+ "name": "20020417 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/268065"
+ },
+ {
+ "name": "4525",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4525"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1758.json b/2002/1xxx/CVE-2002-1758.json
index a2f74462332..0a8772d7433 100644
--- a/2002/1xxx/CVE-2002-1758.json
+++ b/2002/1xxx/CVE-2002-1758.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1758",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1758",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020424 PHProjekt multiple vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/269407"
- },
- {
- "name" : "4599",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4599"
- },
- {
- "name" : "phprojekt-unauth-script-access(8943)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "phprojekt-unauth-script-access(8943)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
+ },
+ {
+ "name": "20020424 PHProjekt multiple vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/269407"
+ },
+ {
+ "name": "4599",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4599"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0306.json b/2003/0xxx/CVE-2003-0306.json
index 6215534bf50..be01f62d5b6 100644
--- a/2003/0xxx/CVE-2003-0306.json
+++ b/2003/0xxx/CVE-2003-0306.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0306",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0306",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030507 Buffer overflow in Explorer.exe",
- "refsource" : "VULN-DEV",
- "url" : "http://marc.info/?l=vuln-dev&m=105241032526289&w=2"
- },
- {
- "name" : "20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105284486526310&w=2"
- },
- {
- "name" : "20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105301349925036&w=2"
- },
- {
- "name" : "MS03-027",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027"
- },
- {
- "name" : "oval:org.mitre.oval:def:3095",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MS03-027",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027"
+ },
+ {
+ "name": "20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105284486526310&w=2"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:3095",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095"
+ },
+ {
+ "name": "20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105301349925036&w=2"
+ },
+ {
+ "name": "20030507 Buffer overflow in Explorer.exe",
+ "refsource": "VULN-DEV",
+ "url": "http://marc.info/?l=vuln-dev&m=105241032526289&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0414.json b/2003/0xxx/CVE-2003-0414.json
index a4f4b765f14..5300db77542 100644
--- a/2003/0xxx/CVE-2003-0414.json
+++ b/2003/0xxx/CVE-2003-0414.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0414",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0414",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2"
- },
- {
- "name" : "http://www.spidynamics.com/sunone_alert.html",
- "refsource" : "MISC",
- "url" : "http://www.spidynamics.com/sunone_alert.html"
- },
- {
- "name" : "55221",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity"
- },
- {
- "name" : "1000610",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1"
- },
- {
- "name" : "N-103",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml"
- },
- {
- "name" : "sunone-insecure-file-permissions(12096)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/12096.php"
- },
- {
- "name" : "7712",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/7712"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.spidynamics.com/sunone_alert.html",
+ "refsource": "MISC",
+ "url": "http://www.spidynamics.com/sunone_alert.html"
+ },
+ {
+ "name": "sunone-insecure-file-permissions(12096)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/12096.php"
+ },
+ {
+ "name": "55221",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity"
+ },
+ {
+ "name": "N-103",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/n-103.shtml"
+ },
+ {
+ "name": "20030526 Multiple Vulnerabilities in Sun-One Application Server",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105409846029475&w=2"
+ },
+ {
+ "name": "7712",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/7712"
+ },
+ {
+ "name": "1000610",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0581.json b/2003/0xxx/CVE-2003-0581.json
index 40e95b5c566..062768e9527 100644
--- a/2003/0xxx/CVE-2003-0581.json
+++ b/2003/0xxx/CVE-2003-0581.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0581",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0581",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030714 xfstt-1.4 vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105829691405446&w=2"
- },
- {
- "name" : "DSA-360",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2003/dsa-360"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-360",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2003/dsa-360"
+ },
+ {
+ "name": "20030714 xfstt-1.4 vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105829691405446&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0632.json b/2003/0xxx/CVE-2003-0632.json
index bf541fb6343..67588935e9e 100644
--- a/2003/0xxx/CVE-2003-0632.json
+++ b/2003/0xxx/CVE-2003-0632.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0632",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0632",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105906721920776&w=2"
- },
- {
- "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf",
- "refsource" : "CONFIRM",
- "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf",
+ "refsource": "CONFIRM",
+ "url": "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf"
+ },
+ {
+ "name": "20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105906721920776&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0047.json b/2012/0xxx/CVE-2012-0047.json
index 924302a6a27..a8b6096b2c0 100644
--- a/2012/0xxx/CVE-2012-0047.json
+++ b/2012/0xxx/CVE-2012-0047.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0047",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-0047",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20120322 [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0112.html"
- },
- {
- "name" : "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html",
- "refsource" : "CONFIRM",
- "url" : "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html"
- },
- {
- "name" : "80300",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80300"
- },
- {
- "name" : "1026839",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026839"
- },
- {
- "name" : "apache-wicket-unspec-xss(74273)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74273"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "apache-wicket-unspec-xss(74273)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74273"
+ },
+ {
+ "name": "20120322 [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0112.html"
+ },
+ {
+ "name": "80300",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80300"
+ },
+ {
+ "name": "1026839",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026839"
+ },
+ {
+ "name": "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html",
+ "refsource": "CONFIRM",
+ "url": "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0072.json b/2012/0xxx/CVE-2012-0072.json
index 11529332103..90b71b07452 100644
--- a/2012/0xxx/CVE-2012-0072.json
+++ b/2012/0xxx/CVE-2012-0072.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0072",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2012-0072",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
- },
- {
- "name" : "51458",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/51458"
- },
- {
- "name" : "78419",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/78419"
- },
- {
- "name" : "1026527",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026527"
- },
- {
- "name" : "databaseserver-listener-dos(72469)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72469"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "databaseserver-listener-dos(72469)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72469"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
+ },
+ {
+ "name": "51458",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/51458"
+ },
+ {
+ "name": "78419",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/78419"
+ },
+ {
+ "name": "1026527",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026527"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0597.json b/2012/0xxx/CVE-2012-0597.json
index 1baa02c51bb..67e1cb26124 100644
--- a/2012/0xxx/CVE-2012-0597.json
+++ b/2012/0xxx/CVE-2012-0597.json
@@ -1,112 +1,112 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0597",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2012-0597",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "APPLE-SA-2012-03-07-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
- },
- {
- "name" : "APPLE-SA-2012-03-07-2",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
- },
- {
- "name" : "APPLE-SA-2012-03-12-1",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
- },
- {
- "name" : "52365",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52365"
- },
- {
- "name" : "79919",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/79919"
- },
- {
- "name" : "oval:org.mitre.oval:def:16879",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16879"
- },
- {
- "name" : "1026774",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026774"
- },
- {
- "name" : "48274",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48274"
- },
- {
- "name" : "48288",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48288"
- },
- {
- "name" : "48377",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48377"
- },
- {
- "name" : "apple-webkit-cve20120597-code-execution(73816)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73816"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:16879",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16879"
+ },
+ {
+ "name": "52365",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52365"
+ },
+ {
+ "name": "1026774",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026774"
+ },
+ {
+ "name": "48377",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48377"
+ },
+ {
+ "name": "apple-webkit-cve20120597-code-execution(73816)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73816"
+ },
+ {
+ "name": "APPLE-SA-2012-03-12-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
+ },
+ {
+ "name": "48274",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48274"
+ },
+ {
+ "name": "79919",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/79919"
+ },
+ {
+ "name": "APPLE-SA-2012-03-07-1",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
+ },
+ {
+ "name": "48288",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48288"
+ },
+ {
+ "name": "APPLE-SA-2012-03-07-2",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0735.json b/2012/0xxx/CVE-2012-0735.json
index 8b9699a5fbf..33a1a58219f 100644
--- a/2012/0xxx/CVE-2012-0735.json
+++ b/2012/0xxx/CVE-2012-0735.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0735",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2012-0735",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188"
- },
- {
- "name" : "53247",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/53247"
- },
- {
- "name" : "48967",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48967"
- },
- {
- "name" : "48968",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48968"
- },
- {
- "name" : "ae-fileuri-info-disclosure(74558)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "48967",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48967"
+ },
+ {
+ "name": "ae-fileuri-info-disclosure(74558)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
+ },
+ {
+ "name": "48968",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48968"
+ },
+ {
+ "name": "53247",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/53247"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1421.json b/2012/1xxx/CVE-2012-1421.json
index 12bacf5106c..e4f2bf6261d 100644
--- a/2012/1xxx/CVE-2012-1421.json
+++ b/2012/1xxx/CVE-2012-1421.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1421",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1421",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/522005"
- },
- {
- "name" : "http://www.ieee-security.org/TC/SP2012/program.html",
- "refsource" : "MISC",
- "url" : "http://www.ieee-security.org/TC/SP2012/program.html"
- },
- {
- "name" : "80409",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80409"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/522005"
+ },
+ {
+ "name": "80409",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80409"
+ },
+ {
+ "name": "http://www.ieee-security.org/TC/SP2012/program.html",
+ "refsource": "MISC",
+ "url": "http://www.ieee-security.org/TC/SP2012/program.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1425.json b/2012/1xxx/CVE-2012-1425.json
index f4beff0827e..e89321ad448 100644
--- a/2012/1xxx/CVE-2012-1425.json
+++ b/2012/1xxx/CVE-2012-1425.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1425",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1425",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/522005"
- },
- {
- "name" : "http://www.ieee-security.org/TC/SP2012/program.html",
- "refsource" : "MISC",
- "url" : "http://www.ieee-security.org/TC/SP2012/program.html"
- },
- {
- "name" : "80389",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80389"
- },
- {
- "name" : "80391",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80391"
- },
- {
- "name" : "80392",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80392"
- },
- {
- "name" : "80395",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80395"
- },
- {
- "name" : "80396",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80396"
- },
- {
- "name" : "80403",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80403"
- },
- {
- "name" : "80409",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80409"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/522005"
+ },
+ {
+ "name": "80403",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80403"
+ },
+ {
+ "name": "80389",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80389"
+ },
+ {
+ "name": "80391",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80391"
+ },
+ {
+ "name": "80409",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80409"
+ },
+ {
+ "name": "80396",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80396"
+ },
+ {
+ "name": "80392",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80392"
+ },
+ {
+ "name": "http://www.ieee-security.org/TC/SP2012/program.html",
+ "refsource": "MISC",
+ "url": "http://www.ieee-security.org/TC/SP2012/program.html"
+ },
+ {
+ "name": "80395",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80395"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1582.json b/2012/1xxx/CVE-2012-1582.json
index e913b60267d..035ff21bf80 100644
--- a/2012/1xxx/CVE-2012-1582.json
+++ b/2012/1xxx/CVE-2012-1582.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1582",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-1582",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
- "refsource" : "MLIST",
- "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
- },
- {
- "name" : "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
- "refsource" : "MLIST",
- "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
- },
- {
- "name" : "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2012/03/22/9"
- },
- {
- "name" : "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2012/03/24/1"
- },
- {
- "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
- },
- {
- "name" : "52689",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52689"
- },
- {
- "name" : "80363",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80363"
- },
- {
- "name" : "48504",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48504"
- },
- {
- "name" : "mediawiki-wikitext-xss(74288)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
+ },
+ {
+ "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
+ "refsource": "MLIST",
+ "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
+ },
+ {
+ "name": "48504",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48504"
+ },
+ {
+ "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
+ },
+ {
+ "name": "80363",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80363"
+ },
+ {
+ "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
+ "refsource": "MLIST",
+ "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
+ },
+ {
+ "name": "mediawiki-wikitext-xss(74288)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
+ },
+ {
+ "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
+ },
+ {
+ "name": "52689",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52689"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1623.json b/2012/1xxx/CVE-2012-1623.json
index 8235d7b9229..ebc3d5882b9 100644
--- a/2012/1xxx/CVE-2012-1623.json
+++ b/2012/1xxx/CVE-2012-1623.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1623",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-1623",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
- },
- {
- "name" : "http://drupal.org/node/1394172",
- "refsource" : "MISC",
- "url" : "http://drupal.org/node/1394172"
- },
- {
- "name" : "51271",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/51271"
- },
- {
- "name" : "78184",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/78184"
- },
- {
- "name" : "47443",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/47443"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://drupal.org/node/1394172",
+ "refsource": "MISC",
+ "url": "http://drupal.org/node/1394172"
+ },
+ {
+ "name": "47443",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/47443"
+ },
+ {
+ "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
+ },
+ {
+ "name": "51271",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/51271"
+ },
+ {
+ "name": "78184",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/78184"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3371.json b/2012/3xxx/CVE-2012-3371.json
index 826a6527915..022dd4d8b98 100644
--- a/2012/3xxx/CVE-2012-3371.json
+++ b/2012/3xxx/CVE-2012-3371.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3371",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-3371",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
- "refsource" : "MLIST",
- "url" : "https://lists.launchpad.net/openstack/msg14452.html"
- },
- {
- "name" : "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2012/07/11/13"
- },
- {
- "name" : "https://bugs.launchpad.net/nova/+bug/1017795",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.launchpad.net/nova/+bug/1017795"
- },
- {
- "name" : "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"
- },
- {
- "name" : "USN-1501-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-1501-1"
- },
- {
- "name" : "54388",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/54388"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "54388",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/54388"
+ },
+ {
+ "name": "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
+ "refsource": "MLIST",
+ "url": "https://lists.launchpad.net/openstack/msg14452.html"
+ },
+ {
+ "name": "https://bugs.launchpad.net/nova/+bug/1017795",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.launchpad.net/nova/+bug/1017795"
+ },
+ {
+ "name": "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"
+ },
+ {
+ "name": "USN-1501-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-1501-1"
+ },
+ {
+ "name": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3529.json b/2012/3xxx/CVE-2012-3529.json
index 61e3c10c5e5..278f10239d6 100644
--- a/2012/3xxx/CVE-2012-3529.json
+++ b/2012/3xxx/CVE-2012-3529.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3529",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-3529",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20120822 Re: CVE request: Typo3",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2012/08/22/8"
- },
- {
- "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
- "refsource" : "CONFIRM",
- "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
- },
- {
- "name" : "DSA-2537",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2012/dsa-2537"
- },
- {
- "name" : "84775",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/84775"
- },
- {
- "name" : "50287",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/50287"
- },
- {
- "name" : "typo3-config-module-info-disc(77793)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
+ "refsource": "CONFIRM",
+ "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
+ },
+ {
+ "name": "typo3-config-module-info-disc(77793)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
+ },
+ {
+ "name": "DSA-2537",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2012/dsa-2537"
+ },
+ {
+ "name": "[oss-security] 20120822 Re: CVE request: Typo3",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
+ },
+ {
+ "name": "50287",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/50287"
+ },
+ {
+ "name": "84775",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/84775"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/3xxx/CVE-2012-3797.json b/2012/3xxx/CVE-2012-3797.json
index e9a402642d4..8f51cb75faa 100644
--- a/2012/3xxx/CVE-2012-3797.json
+++ b/2012/3xxx/CVE-2012-3797.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-3797",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-3797",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://aluigi.org/adv/proservrex_1-adv.txt",
- "refsource" : "MISC",
- "url" : "http://aluigi.org/adv/proservrex_1-adv.txt"
- },
- {
- "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01",
- "refsource" : "MISC",
- "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01"
- },
- {
- "name" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt",
- "refsource" : "CONFIRM",
- "url" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt"
- },
- {
- "name" : "https://www.hmisource.com/otasuke/news/2012/0606.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.hmisource.com/otasuke/news/2012/0606.html"
- },
- {
- "name" : "53499",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/53499"
- },
- {
- "name" : "49172",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/49172"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.hmisource.com/otasuke/news/2012/0606.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.hmisource.com/otasuke/news/2012/0606.html"
+ },
+ {
+ "name": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt",
+ "refsource": "CONFIRM",
+ "url": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt"
+ },
+ {
+ "name": "http://aluigi.org/adv/proservrex_1-adv.txt",
+ "refsource": "MISC",
+ "url": "http://aluigi.org/adv/proservrex_1-adv.txt"
+ },
+ {
+ "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01",
+ "refsource": "MISC",
+ "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01"
+ },
+ {
+ "name": "53499",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/53499"
+ },
+ {
+ "name": "49172",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/49172"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4166.json b/2012/4xxx/CVE-2012-4166.json
index 02e192237e8..15111a4a20b 100644
--- a/2012/4xxx/CVE-2012-4166.json
+++ b/2012/4xxx/CVE-2012-4166.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4166",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4165. Reason: This candidate is a duplicate of CVE-2012-4165. Notes: All CVE users should reference CVE-2012-4165 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-4166",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4165. Reason: This candidate is a duplicate of CVE-2012-4165. Notes: All CVE users should reference CVE-2012-4165 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4269.json b/2012/4xxx/CVE-2012-4269.json
index 07505c4fa62..96950e91669 100644
--- a/2012/4xxx/CVE-2012-4269.json
+++ b/2012/4xxx/CVE-2012-4269.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4269",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4269",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
- },
- {
- "name" : "53412",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/53412"
- },
- {
- "name" : "efront-upload-file-upload(75443)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "53412",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/53412"
+ },
+ {
+ "name": "efront-upload-file-upload(75443)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
+ },
+ {
+ "name": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4311.json b/2012/4xxx/CVE-2012-4311.json
index 6c2d3895002..491854f53c5 100644
--- a/2012/4xxx/CVE-2012-4311.json
+++ b/2012/4xxx/CVE-2012-4311.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4311",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4311",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4987.json b/2012/4xxx/CVE-2012-4987.json
index 125a4eb8faf..4fb62952f66 100644
--- a/2012/4xxx/CVE-2012-4987.json
+++ b/2012/4xxx/CVE-2012-4987.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4987",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4987",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20121026 Realplayer Watchfolders Long Filepath Overflow",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2012/Oct/189"
- },
- {
- "name" : "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html"
- },
- {
- "name" : "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html",
- "refsource" : "MISC",
- "url" : "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html"
- },
- {
- "name" : "56324",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/56324"
- },
- {
- "name" : "86721",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/86721"
- },
- {
- "name" : "realplayer-watch-folder-bo(79663)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79663"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "56324",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/56324"
+ },
+ {
+ "name": "20121026 Realplayer Watchfolders Long Filepath Overflow",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2012/Oct/189"
+ },
+ {
+ "name": "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html",
+ "refsource": "MISC",
+ "url": "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html"
+ },
+ {
+ "name": "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html"
+ },
+ {
+ "name": "realplayer-watch-folder-bo(79663)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79663"
+ },
+ {
+ "name": "86721",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/86721"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2027.json b/2017/2xxx/CVE-2017-2027.json
index f3de440aadf..d89d7f00ed2 100644
--- a/2017/2xxx/CVE-2017-2027.json
+++ b/2017/2xxx/CVE-2017-2027.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-2027",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-2027",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2074.json b/2017/2xxx/CVE-2017-2074.json
index e14713f917f..2271efae8c1 100644
--- a/2017/2xxx/CVE-2017-2074.json
+++ b/2017/2xxx/CVE-2017-2074.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-2074",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-2074",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2276.json b/2017/2xxx/CVE-2017-2276.json
index 4811d150a8d..7df3671922f 100644
--- a/2017/2xxx/CVE-2017-2276.json
+++ b/2017/2xxx/CVE-2017-2276.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "vultures@jpcert.or.jp",
- "ID" : "CVE-2017-2276",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "WG-C10",
- "version" : {
- "version_data" : [
- {
- "version_value" : "v3.0.79 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Sony Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Buffer Overflow"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2017-2276",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WG-C10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v3.0.79 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Sony Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10",
- "refsource" : "MISC",
- "url" : "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10"
- },
- {
- "name" : "JVN#14151222",
- "refsource" : "JVN",
- "url" : "https://jvn.jp/en/jp/JVN14151222/index.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVN#14151222",
+ "refsource": "JVN",
+ "url": "https://jvn.jp/en/jp/JVN14151222/index.html"
+ },
+ {
+ "name": "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10",
+ "refsource": "MISC",
+ "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2556.json b/2017/2xxx/CVE-2017-2556.json
index c1b99a454a3..838ff269735 100644
--- a/2017/2xxx/CVE-2017-2556.json
+++ b/2017/2xxx/CVE-2017-2556.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-2556",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-2556",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2929.json b/2017/2xxx/CVE-2017-2929.json
index 4e879326f66..c3382d24003 100644
--- a/2017/2xxx/CVE-2017-2929.json
+++ b/2017/2xxx/CVE-2017-2929.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2017-2929",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat Extension for Chrome 15.1.0.3",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat Extension for Chrome 15.1.0.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "DOM-based Cross-Site Scripting"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2017-2929",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat Extension for Chrome 15.1.0.3",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat Extension for Chrome 15.1.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html"
- },
- {
- "name" : "95693",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/95693"
- },
- {
- "name" : "1037687",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1037687"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DOM-based Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1037687",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1037687"
+ },
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html"
+ },
+ {
+ "name": "95693",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/95693"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3056.json b/2017/3xxx/CVE-2017-3056.json
index 844965f8cfb..c1248ea2de8 100644
--- a/2017/3xxx/CVE-2017-3056.json
+++ b/2017/3xxx/CVE-2017-3056.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2017-3056",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Memory Corruption"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2017-3056",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
- },
- {
- "name" : "97556",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97556"
- },
- {
- "name" : "1038228",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038228"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1038228",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038228"
+ },
+ {
+ "name": "97556",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97556"
+ },
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6460.json b/2017/6xxx/CVE-2017-6460.json
index 2d393fc5656..960c1712a5c 100644
--- a/2017/6xxx/CVE-2017-6460.json
+++ b/2017/6xxx/CVE-2017-6460.json
@@ -1,87 +1,87 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6460",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6460",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://support.ntp.org/bin/view/Main/NtpBug3377",
- "refsource" : "CONFIRM",
- "url" : "http://support.ntp.org/bin/view/Main/NtpBug3377"
- },
- {
- "name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
- "refsource" : "CONFIRM",
- "url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
- },
- {
- "name" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/92",
- "refsource" : "CONFIRM",
- "url" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/92"
- },
- {
- "name" : "https://support.apple.com/HT208144",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT208144"
- },
- {
- "name" : "97052",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97052"
- },
- {
- "name" : "1038123",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038123"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1038123",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038123"
+ },
+ {
+ "name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/92",
+ "refsource": "CONFIRM",
+ "url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/92"
+ },
+ {
+ "name": "https://support.apple.com/HT208144",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT208144"
+ },
+ {
+ "name": "97052",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97052"
+ },
+ {
+ "name": "http://support.ntp.org/bin/view/Main/NtpBug3377",
+ "refsource": "CONFIRM",
+ "url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
+ },
+ {
+ "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
+ "refsource": "CONFIRM",
+ "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6731.json b/2017/6xxx/CVE-2017-6731.json
index f894af45f8a..01f854c9dae 100644
--- a/2017/6xxx/CVE-2017-6731.json
+++ b/2017/6xxx/CVE-2017-6731.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6731",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco IOS XR",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco IOS XR"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial of Service Vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6731",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco IOS XR",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco IOS XR"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr"
- },
- {
- "name" : "1038820",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038820"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr"
+ },
+ {
+ "name": "1038820",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038820"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6751.json b/2017/6xxx/CVE-2017-6751.json
index 7a6f87aaf12..e2a36c1856d 100644
--- a/2017/6xxx/CVE-2017-6751.json
+++ b/2017/6xxx/CVE-2017-6751.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6751",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Web Security Appliance",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Web Security Appliance"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Access Control Bypass Vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6751",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Web Security Appliance",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Web Security Appliance"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
- },
- {
- "name" : "99967",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99967"
- },
- {
- "name" : "1038959",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038959"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Access Control Bypass Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99967",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99967"
+ },
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
+ },
+ {
+ "name": "1038959",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038959"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7041.json b/2017/7xxx/CVE-2017-7041.json
index 46ccdf068d1..8117998935f 100644
--- a/2017/7xxx/CVE-2017-7041.json
+++ b/2017/7xxx/CVE-2017-7041.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@apple.com",
- "ID" : "CVE-2017-7041",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@apple.com",
+ "ID": "CVE-2017-7041",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "42366",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42366/"
- },
- {
- "name" : "https://support.apple.com/HT207921",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207921"
- },
- {
- "name" : "https://support.apple.com/HT207923",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207923"
- },
- {
- "name" : "https://support.apple.com/HT207924",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207924"
- },
- {
- "name" : "https://support.apple.com/HT207927",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207927"
- },
- {
- "name" : "https://support.apple.com/HT207928",
- "refsource" : "CONFIRM",
- "url" : "https://support.apple.com/HT207928"
- },
- {
- "name" : "GLSA-201710-14",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201710-14"
- },
- {
- "name" : "99885",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99885"
- },
- {
- "name" : "1038950",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038950"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99885",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99885"
+ },
+ {
+ "name": "https://support.apple.com/HT207927",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207927"
+ },
+ {
+ "name": "https://support.apple.com/HT207924",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207924"
+ },
+ {
+ "name": "https://support.apple.com/HT207928",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207928"
+ },
+ {
+ "name": "42366",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42366/"
+ },
+ {
+ "name": "https://support.apple.com/HT207921",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207921"
+ },
+ {
+ "name": "https://support.apple.com/HT207923",
+ "refsource": "CONFIRM",
+ "url": "https://support.apple.com/HT207923"
+ },
+ {
+ "name": "GLSA-201710-14",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201710-14"
+ },
+ {
+ "name": "1038950",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038950"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7351.json b/2017/7xxx/CVE-2017-7351.json
index 844481fc855..3ee4a49f354 100644
--- a/2017/7xxx/CVE-2017-7351.json
+++ b/2017/7xxx/CVE-2017-7351.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7351",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7351",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/",
- "refsource" : "MISC",
- "url" : "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/",
+ "refsource": "MISC",
+ "url": "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7429.json b/2017/7xxx/CVE-2017-7429.json
index 991dc5fb1b7..4b33e1df2de 100644
--- a/2017/7xxx/CVE-2017-7429.json
+++ b/2017/7xxx/CVE-2017-7429.json
@@ -1,103 +1,103 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@suse.com",
- "DATE_PUBLIC" : "2017-10-02T00:00:00.000Z",
- "ID" : "CVE-2017-7429",
- "STATE" : "PUBLIC",
- "TITLE" : "Fix for NetIQ shell code upload"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "eDirectory",
- "version" : {
- "version_data" : [
- {
- "affected" : "<",
- "version_value" : " 8.8.8 Patch 10 HF1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "NetIQ"
- }
- ]
- }
- },
- "credit" : [
- {
- "lang" : "eng",
- "value" : "SySS GmbH"
- }
- ],
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "attackComplexity" : "LOW",
- "attackVector" : "NETWORK",
- "availabilityImpact" : "HIGH",
- "baseScore" : 8.8,
- "baseSeverity" : "HIGH",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "privilegesRequired" : "LOW",
- "scope" : "UNCHANGED",
- "userInteraction" : "NONE",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-434"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@suse.com",
+ "DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
+ "ID": "CVE-2017-7429",
+ "STATE": "PUBLIC",
+ "TITLE": "Fix for NetIQ shell code upload"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "eDirectory",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": " 8.8.8 Patch 10 HF1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "NetIQ"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
- },
- {
- "name" : "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
- },
- {
- "name" : "https://www.novell.com/support/kb/doc.php?id=3426981",
- "refsource" : "CONFIRM",
- "url" : "https://www.novell.com/support/kb/doc.php?id=3426981"
- }
- ]
- },
- "source" : {
- "defect" : [
- "1024957"
- ],
- "discovery" : "EXTERNAL"
- }
-}
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "SySS GmbH"
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
+ },
+ {
+ "name": "https://www.novell.com/support/kb/doc.php?id=3426981",
+ "refsource": "CONFIRM",
+ "url": "https://www.novell.com/support/kb/doc.php?id=3426981"
+ },
+ {
+ "name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
+ }
+ ]
+ },
+ "source": {
+ "defect": [
+ "1024957"
+ ],
+ "discovery": "EXTERNAL"
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7441.json b/2017/7xxx/CVE-2017-7441.json
index 2d4b3d9e44d..a562a18a447 100644
--- a/2017/7xxx/CVE-2017-7441.json
+++ b/2017/7xxx/CVE-2017-7441.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-7441",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-7441",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/",
- "refsource" : "MISC",
- "url" : "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/"
- },
- {
- "name" : "https://www.nuitduhack.com/fr/planning/talk_10",
- "refsource" : "MISC",
- "url" : "https://www.nuitduhack.com/fr/planning/talk_10"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.nuitduhack.com/fr/planning/talk_10",
+ "refsource": "MISC",
+ "url": "https://www.nuitduhack.com/fr/planning/talk_10"
+ },
+ {
+ "name": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/",
+ "refsource": "MISC",
+ "url": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7471.json b/2017/7xxx/CVE-2017-7471.json
index 047029da1bb..48de9229ad7 100644
--- a/2017/7xxx/CVE-2017-7471.json
+++ b/2017/7xxx/CVE-2017-7471.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert@redhat.com",
- "ID" : "CVE-2017-7471",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2017-7471",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/04/19/2"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471"
- },
- {
- "name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e",
- "refsource" : "CONFIRM",
- "url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e"
- },
- {
- "name" : "GLSA-201706-03",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201706-03"
- },
- {
- "name" : "97970",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97970"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e",
+ "refsource": "CONFIRM",
+ "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e"
+ },
+ {
+ "name": "GLSA-201706-03",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201706-03"
+ },
+ {
+ "name": "97970",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97970"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471"
+ },
+ {
+ "name": "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/04/19/2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7837.json b/2017/7xxx/CVE-2017-7837.json
index 84dbfcd3197..74d644f2bf4 100644
--- a/2017/7xxx/CVE-2017-7837.json
+++ b/2017/7xxx/CVE-2017-7837.json
@@ -1,78 +1,78 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@mozilla.org",
- "ID" : "CVE-2017-7837",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Firefox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "57"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Mozilla"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SVG loaded through \"![]()
\" tags can use \"\" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "SVG loaded as ![]()
can use meta tags to set cookies"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@mozilla.org",
+ "ID": "CVE-2017-7837",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Firefox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "57"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Mozilla"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923"
- },
- {
- "name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/",
- "refsource" : "CONFIRM",
- "url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/"
- },
- {
- "name" : "101832",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/101832"
- },
- {
- "name" : "1039803",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039803"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SVG loaded through \"![]()
\" tags can use \"\" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SVG loaded as ![]()
can use meta tags to set cookies"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.mozilla.org/security/advisories/mfsa2017-24/",
+ "refsource": "CONFIRM",
+ "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/"
+ },
+ {
+ "name": "101832",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/101832"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923"
+ },
+ {
+ "name": "1039803",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039803"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10175.json b/2018/10xxx/CVE-2018-10175.json
index d8d5f7fcf96..f4161a27b95 100644
--- a/2018/10xxx/CVE-2018-10175.json
+++ b/2018/10xxx/CVE-2018-10175.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10175",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Digital Guardian Management Console 7.1.2.0015 has an XXE issue."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10175",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Digital Guardian Management Console 7.1.2.0015 has an XXE issue."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10486.json b/2018/10xxx/CVE-2018-10486.json
index fceea988ff7..5f90c592085 100644
--- a/2018/10xxx/CVE-2018-10486.json
+++ b/2018/10xxx/CVE-2018-10486.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-10486",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Foxit Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.0.0.29935"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-125-Out-of-bounds Read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-10486",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-396",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-396"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-396",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-396"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10844.json b/2018/10xxx/CVE-2018-10844.json
index 605f9e43479..fd1f8d5f1c2 100644
--- a/2018/10xxx/CVE-2018-10844.json
+++ b/2018/10xxx/CVE-2018-10844.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "lpardo@redhat.com",
- "ID" : "CVE-2018-10844",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "gnutls",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "[UNKNOWN]"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
- }
- ]
- },
- "impact" : {
- "cvss" : [
- [
- {
- "vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
- "version" : "3.0"
- }
- ]
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-385"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2018-10844",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "gnutls",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "[UNKNOWN]"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html"
- },
- {
- "name" : "https://eprint.iacr.org/2018/747",
- "refsource" : "MISC",
- "url" : "https://eprint.iacr.org/2018/747"
- },
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844"
- },
- {
- "name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657",
- "refsource" : "CONFIRM",
- "url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657"
- },
- {
- "name" : "RHSA-2018:3050",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3050"
- },
- {
- "name" : "RHSA-2018:3505",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:3505"
- },
- {
- "name" : "105138",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105138"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-385"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://eprint.iacr.org/2018/747",
+ "refsource": "MISC",
+ "url": "https://eprint.iacr.org/2018/747"
+ },
+ {
+ "name": "https://gitlab.com/gnutls/gnutls/merge_requests/657",
+ "refsource": "CONFIRM",
+ "url": "https://gitlab.com/gnutls/gnutls/merge_requests/657"
+ },
+ {
+ "name": "RHSA-2018:3505",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3505"
+ },
+ {
+ "name": "105138",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105138"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844"
+ },
+ {
+ "name": "RHSA-2018:3050",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:3050"
+ },
+ {
+ "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10919.json b/2018/10xxx/CVE-2018-10919.json
index c4711c89a2b..bdbfb807c17 100644
--- a/2018/10xxx/CVE-2018-10919.json
+++ b/2018/10xxx/CVE-2018-10919.json
@@ -1,103 +1,103 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psampaio@redhat.com",
- "ID" : "CVE-2018-10919",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "samba",
- "version" : {
- "version_data" : [
- {
- "version_value" : "4.6.16"
- },
- {
- "version_value" : "4.7.9"
- },
- {
- "version_value" : "4.8.4"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "The Samba Team"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable."
- }
- ]
- },
- "impact" : {
- "cvss" : [
- [
- {
- "vectorString" : "4.3/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
- "version" : "3.0"
- }
- ]
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-203"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2018-10919",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "samba",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.6.16"
+ },
+ {
+ "version_value": "4.7.9"
+ },
+ {
+ "version_value": "4.8.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "The Samba Team"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919"
- },
- {
- "name" : "https://www.samba.org/samba/security/CVE-2018-10919.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.samba.org/samba/security/CVE-2018-10919.html"
- },
- {
- "name" : "https://security.netapp.com/advisory/ntap-20180814-0001/",
- "refsource" : "CONFIRM",
- "url" : "https://security.netapp.com/advisory/ntap-20180814-0001/"
- },
- {
- "name" : "DSA-4271",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4271"
- },
- {
- "name" : "USN-3738-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3738-1/"
- },
- {
- "name" : "105081",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105081"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "4.3/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-4271",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4271"
+ },
+ {
+ "name": "USN-3738-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3738-1/"
+ },
+ {
+ "name": "https://www.samba.org/samba/security/CVE-2018-10919.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.samba.org/samba/security/CVE-2018-10919.html"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919"
+ },
+ {
+ "name": "https://security.netapp.com/advisory/ntap-20180814-0001/",
+ "refsource": "CONFIRM",
+ "url": "https://security.netapp.com/advisory/ntap-20180814-0001/"
+ },
+ {
+ "name": "105081",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105081"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14451.json b/2018/14xxx/CVE-2018-14451.json
index e8598e0b83e..8ae827ea943 100644
--- a/2018/14xxx/CVE-2018-14451.json
+++ b/2018/14xxx/CVE-2018-14451.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14451",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14451",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md",
- "refsource" : "MISC",
- "url" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md",
+ "refsource": "MISC",
+ "url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14515.json b/2018/14xxx/CVE-2018-14515.json
index f6b602fb7d2..5c1f438b912 100644
--- a/2018/14xxx/CVE-2018-14515.json
+++ b/2018/14xxx/CVE-2018-14515.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14515",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14515",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wuzhicms/wuzhicms/issues/146",
- "refsource" : "MISC",
- "url" : "https://github.com/wuzhicms/wuzhicms/issues/146"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wuzhicms/wuzhicms/issues/146",
+ "refsource": "MISC",
+ "url": "https://github.com/wuzhicms/wuzhicms/issues/146"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14551.json b/2018/14xxx/CVE-2018-14551.json
index b679b5e9cb3..d394285e79a 100644
--- a/2018/14xxx/CVE-2018-14551.json
+++ b/2018/14xxx/CVE-2018-14551.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14551",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14551",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/issues/1221",
- "refsource" : "MISC",
- "url" : "https://github.com/ImageMagick/ImageMagick/issues/1221"
- },
- {
- "name" : "USN-3785-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3785-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/issues/1221",
+ "refsource": "MISC",
+ "url": "https://github.com/ImageMagick/ImageMagick/issues/1221"
+ },
+ {
+ "name": "USN-3785-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3785-1/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14786.json b/2018/14xxx/CVE-2018-14786.json
index bbf9126d802..1a6f5a68ed1 100644
--- a/2018/14xxx/CVE-2018-14786.json
+++ b/2018/14xxx/CVE-2018-14786.json
@@ -1,73 +1,73 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
- "DATE_PUBLIC" : "2018-08-23T00:00:00",
- "ID" : "CVE-2018-14786",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Version 2.3.6 and prior"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Becton, Dickinson and Company"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Improper Authentication cwe-287"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "DATE_PUBLIC": "2018-08-23T00:00:00",
+ "ID": "CVE-2018-14786",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Version 2.3.6 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Becton, Dickinson and Company"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01",
- "refsource" : "MISC",
- "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01"
- },
- {
- "name" : "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states",
- "refsource" : "CONFIRM",
- "url" : "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states"
- },
- {
- "name" : "105147",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105147"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Authentication cwe-287"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105147",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105147"
+ },
+ {
+ "name": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states",
+ "refsource": "CONFIRM",
+ "url": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states"
+ },
+ {
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01",
+ "refsource": "MISC",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15410.json b/2018/15xxx/CVE-2018-15410.json
index a26fbc93ac1..313ac12af47 100644
--- a/2018/15xxx/CVE-2018-15410.json
+++ b/2018/15xxx/CVE-2018-15410.json
@@ -1,127 +1,127 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
- "ID" : "CVE-2018-15410",
- "STATE" : "PUBLIC",
- "TITLE" : "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco WebEx WRF Player ",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Cisco"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
- }
- ]
- },
- "impact" : {
- "cvss" : {
- "baseScore" : "7.8",
- "version" : "3.0"
- }
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-20"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
+ "ID": "CVE-2018-15410",
+ "STATE": "PUBLIC",
+ "TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco WebEx WRF Player ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities",
- "refsource" : "CISCO",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
- },
- {
- "name" : "105520",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105520"
- },
- {
- "name" : "1041795",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041795"
- }
- ]
- },
- "source" : {
- "advisory" : "cisco-sa-20181003-webex-rce",
- "defect" : [
- [
- "CSCvj83752",
- "CSCvj83767",
- "CSCvj83771",
- "CSCvj83793",
- "CSCvj83797",
- "CSCvj83803",
- "CSCvj83818",
- "CSCvj83824",
- "CSCvj83831",
- "CSCvj87929",
- "CSCvj87934",
- "CSCvj93870",
- "CSCvj93877",
- "CSCvk31089",
- "CSCvk33049",
- "CSCvk52510",
- "CSCvk52518",
- "CSCvk52521",
- "CSCvk59945",
- "CSCvk59949",
- "CSCvk59950",
- "CSCvk60158",
- "CSCvk60163",
- "CSCvm51315",
- "CSCvm51318",
- "CSCvm51361",
- "CSCvm51371",
- "CSCvm51373",
- "CSCvm51374",
- "CSCvm51382",
- "CSCvm51386",
- "CSCvm51391",
- "CSCvm51393",
- "CSCvm51396",
- "CSCvm51398",
- "CSCvm51412",
- "CSCvm51413",
- "CSCvm54531",
- "CSCvm54538"
- ]
- ],
- "discovery" : "UNKNOWN"
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "baseScore": "7.8",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1041795",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041795"
+ },
+ {
+ "name": "105520",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105520"
+ },
+ {
+ "name": "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "cisco-sa-20181003-webex-rce",
+ "defect": [
+ [
+ "CSCvj83752",
+ "CSCvj83767",
+ "CSCvj83771",
+ "CSCvj83793",
+ "CSCvj83797",
+ "CSCvj83803",
+ "CSCvj83818",
+ "CSCvj83824",
+ "CSCvj83831",
+ "CSCvj87929",
+ "CSCvj87934",
+ "CSCvj93870",
+ "CSCvj93877",
+ "CSCvk31089",
+ "CSCvk33049",
+ "CSCvk52510",
+ "CSCvk52518",
+ "CSCvk52521",
+ "CSCvk59945",
+ "CSCvk59949",
+ "CSCvk59950",
+ "CSCvk60158",
+ "CSCvk60163",
+ "CSCvm51315",
+ "CSCvm51318",
+ "CSCvm51361",
+ "CSCvm51371",
+ "CSCvm51373",
+ "CSCvm51374",
+ "CSCvm51382",
+ "CSCvm51386",
+ "CSCvm51391",
+ "CSCvm51393",
+ "CSCvm51396",
+ "CSCvm51398",
+ "CSCvm51412",
+ "CSCvm51413",
+ "CSCvm54531",
+ "CSCvm54538"
+ ]
+ ],
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20063.json b/2018/20xxx/CVE-2018-20063.json
index 3c207254620..00841cfb16a 100644
--- a/2018/20xxx/CVE-2018-20063.json
+++ b/2018/20xxx/CVE-2018-20063.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20063",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Gurock TestRail 5.6.0.3853. An \"Unrestricted Upload of File\" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20063",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688",
- "refsource" : "MISC",
- "url" : "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Gurock TestRail 5.6.0.3853. An \"Unrestricted Upload of File\" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688",
+ "refsource": "MISC",
+ "url": "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20654.json b/2018/20xxx/CVE-2018-20654.json
index aad0865aa7a..0d9fba424ec 100644
--- a/2018/20xxx/CVE-2018-20654.json
+++ b/2018/20xxx/CVE-2018-20654.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20654",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20654",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20708.json b/2018/20xxx/CVE-2018-20708.json
index 06a19f519c4..fab768c2e29 100644
--- a/2018/20xxx/CVE-2018-20708.json
+++ b/2018/20xxx/CVE-2018-20708.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20708",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20708",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20779.json b/2018/20xxx/CVE-2018-20779.json
index 36eb1fe6408..51585576d0a 100644
--- a/2018/20xxx/CVE-2018-20779.json
+++ b/2018/20xxx/CVE-2018-20779.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20779",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Traq 3.7.1 allows SQL Injection via a tickets?search= URI."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20779",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://packetstormsecurity.com/files/149894",
- "refsource" : "MISC",
- "url" : "https://packetstormsecurity.com/files/149894"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Traq 3.7.1 allows SQL Injection via a tickets?search= URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://packetstormsecurity.com/files/149894",
+ "refsource": "MISC",
+ "url": "https://packetstormsecurity.com/files/149894"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9448.json b/2018/9xxx/CVE-2018-9448.json
index 1017755b549..0f01e98d144 100644
--- a/2018/9xxx/CVE-2018-9448.json
+++ b/2018/9xxx/CVE-2018-9448.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "DATE_PUBLIC" : "2018-10-31T00:00:00",
- "ID" : "CVE-2018-9448",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Android-8.0 Android-8.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "DATE_PUBLIC": "2018-10-31T00:00:00",
+ "ID": "CVE-2018-9448",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2018-08-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-08-01"
- },
- {
- "name" : "1041432",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041432"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/2018-08-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-08-01"
+ },
+ {
+ "name": "1041432",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041432"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9541.json b/2018/9xxx/CVE-2018-9541.json
index 6c857dffbba..ad17a4dbfc1 100644
--- a/2018/9xxx/CVE-2018-9541.json
+++ b/2018/9xxx/CVE-2018-9541.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@google.com",
- "ID" : "CVE-2018-9541",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Android-9"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531"
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Information disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@android.com",
+ "ID": "CVE-2018-9541",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Google Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/2018-11-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/2018-11-01"
- },
- {
- "name" : "105849",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105849"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105849",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105849"
+ },
+ {
+ "name": "https://source.android.com/security/bulletin/2018-11-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/2018-11-01"
+ }
+ ]
+ }
+}
\ No newline at end of file