From d58d3446d38c4aff2d49aee74737e29ca08438b4 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 03:43:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0028.json | 170 ++++++++-------- 2002/0xxx/CVE-2002-0257.json | 150 +++++++------- 2002/0xxx/CVE-2002-0770.json | 170 ++++++++-------- 2002/0xxx/CVE-2002-0935.json | 160 +++++++-------- 2002/1xxx/CVE-2002-1309.json | 150 +++++++------- 2002/1xxx/CVE-2002-1347.json | 240 +++++++++++----------- 2002/1xxx/CVE-2002-1637.json | 180 ++++++++--------- 2003/0xxx/CVE-2003-0028.json | 360 ++++++++++++++++----------------- 2003/0xxx/CVE-2003-0092.json | 160 +++++++-------- 2003/0xxx/CVE-2003-0334.json | 160 +++++++-------- 2003/0xxx/CVE-2003-0850.json | 160 +++++++-------- 2003/1xxx/CVE-2003-1079.json | 160 +++++++-------- 2003/1xxx/CVE-2003-1380.json | 140 ++++++------- 2003/1xxx/CVE-2003-1567.json | 150 +++++++------- 2012/0xxx/CVE-2012-0522.json | 160 +++++++-------- 2012/0xxx/CVE-2012-0816.json | 34 ++-- 2012/0xxx/CVE-2012-0846.json | 200 +++++++++--------- 2012/1xxx/CVE-2012-1161.json | 34 ++-- 2012/1xxx/CVE-2012-1501.json | 34 ++-- 2012/1xxx/CVE-2012-1535.json | 170 ++++++++-------- 2012/1xxx/CVE-2012-1916.json | 150 +++++++------- 2012/4xxx/CVE-2012-4042.json | 34 ++-- 2012/4xxx/CVE-2012-4592.json | 130 ++++++------ 2012/5xxx/CVE-2012-5768.json | 34 ++-- 2012/5xxx/CVE-2012-5943.json | 130 ++++++------ 2017/2xxx/CVE-2017-2072.json | 34 ++-- 2017/2xxx/CVE-2017-2887.json | 152 +++++++------- 2017/3xxx/CVE-2017-3240.json | 140 ++++++------- 2017/3xxx/CVE-2017-3484.json | 150 +++++++------- 2017/3xxx/CVE-2017-3487.json | 190 ++++++++--------- 2017/3xxx/CVE-2017-3790.json | 140 ++++++------- 2017/6xxx/CVE-2017-6016.json | 130 ++++++------ 2017/6xxx/CVE-2017-6096.json | 140 ++++++------- 2017/6xxx/CVE-2017-6401.json | 130 ++++++------ 2017/6xxx/CVE-2017-6518.json | 130 ++++++------ 2017/6xxx/CVE-2017-6524.json | 34 ++-- 2017/7xxx/CVE-2017-7222.json | 130 ++++++------ 2017/7xxx/CVE-2017-7539.json | 262 ++++++++++++------------ 2017/7xxx/CVE-2017-7817.json | 152 
+++++++------- 2018/10xxx/CVE-2018-10069.json | 34 ++-- 2018/10xxx/CVE-2018-10079.json | 130 ++++++------ 2018/10xxx/CVE-2018-10128.json | 120 +++++------ 2018/14xxx/CVE-2018-14172.json | 34 ++-- 2018/14xxx/CVE-2018-14480.json | 34 ++-- 2018/17xxx/CVE-2018-17453.json | 34 ++-- 2018/17xxx/CVE-2018-17931.json | 120 +++++------ 2018/17xxx/CVE-2018-17960.json | 130 ++++++------ 2018/20xxx/CVE-2018-20246.json | 34 ++-- 2018/20xxx/CVE-2018-20388.json | 130 ++++++------ 2018/20xxx/CVE-2018-20630.json | 34 ++-- 2018/9xxx/CVE-2018-9276.json | 140 ++++++------- 2018/9xxx/CVE-2018-9365.json | 34 ++-- 2018/9xxx/CVE-2018-9374.json | 34 ++-- 2018/9xxx/CVE-2018-9394.json | 34 ++-- 2018/9xxx/CVE-2018-9726.json | 34 ++-- 2018/9xxx/CVE-2018-9982.json | 130 ++++++------ 56 files changed, 3387 insertions(+), 3387 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0028.json b/2002/0xxx/CVE-2002-0028.json
index 0e53312aea1..28a9f375cb7 100644
--- a/2002/0xxx/CVE-2002-0028.json
+++ b/2002/0xxx/CVE-2002-0028.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020106 ICQ remote buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101043894627851&w=2" - }, - { - "name" : "20020107 ICQ remote buffer overflow vulnerability", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=101043076806401&w=2" - }, - { - "name" : "CA-2002-02", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-02.html" - }, - { - "name" : "VU#570167", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/570167" - }, - { - "name" : "3813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3813" - }, - { - "name" : "aim-game-overflow(7743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7743" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2002-02", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-02.html" + }, + { + "name": "20020106 ICQ remote buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101043894627851&w=2" + }, + { + "name": "aim-game-overflow(7743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7743" + }, + { + "name": "VU#570167", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/570167" + }, + { + "name": "3813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3813" + }, + { + "name": "20020107 ICQ remote buffer overflow vulnerability", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=101043076806401&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0257.json b/2002/0xxx/CVE-2002-0257.json index 0a3e9eb52ba..d4ba9f78dd7 100644 --- a/2002/0xxx/CVE-2002-0257.json +++ b/2002/0xxx/CVE-2002-0257.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101328880521775&w=2" - }, - { - "name" : "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html", - "refsource" : "CONFIRM", - "url" : "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html" - }, - { - "name" : "makebid-description-css(8161)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8161.php" - }, - { - "name" : "4069", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4069" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html", + "refsource": "CONFIRM", + "url": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html" + }, + { + "name": "20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101328880521775&w=2" + }, + { + "name": "makebid-description-css(8161)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8161.php" + }, + { + "name": "4069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4069" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0770.json b/2002/0xxx/CVE-2002-0770.json index 5186e02e45d..c4e189ca89c 100644 --- a/2002/0xxx/CVE-2002-0770.json +++ b/2002/0xxx/CVE-2002-0770.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand \"$\" macros, which causes the server to expand the macros and leak the information, as demonstrated using \"say $rcon_password.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020514 Remote quake 2 3.2x server cvar leak", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/272548" - }, - { - "name" : "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160", - "refsource" : "MISC", - "url" : "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160" - }, - { - "name" : "VU#970915", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/970915" - }, - { - "name" : "4744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4744" - }, - { - "name" : "11187", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/11187" - }, - { - "name" : "quake2-unexpanded-var-disclosure(9095)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9095.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand \"$\" macros, which causes the server to expand the macros and leak the information, as demonstrated using \"say $rcon_password.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quake2-unexpanded-var-disclosure(9095)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9095.php" + }, + { + "name": "20020514 Remote quake 2 3.2x server cvar leak", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/272548" + }, + { + "name": "VU#970915", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/970915" + }, + { + "name": "11187", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11187" + }, + { + "name": "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160", + "refsource": "MISC", + "url": "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160" + }, + { + "name": "4744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4744" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0935.json b/2002/0xxx/CVE-2002-0935.json index aa75045d4e7..82c98c09312 100644 --- a/2002/0xxx/CVE-2002-0935.json +++ b/2002/0xxx/CVE-2002-0935.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html" - }, - { - "name" : "20020620 KPMG-2002025: Apache Tomcat Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/277940" - }, - { - "name" : "tomcat-null-thread-dos(9396)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9396.php" - }, - { - "name" : "5067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5067" - }, - { - "name" : "5051", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5051" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020620 KPMG-2002025: Apache Tomcat Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/277940" + }, + { + "name": "20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html" + }, + { + "name": "5051", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5051" + }, + { + "name": "5067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5067" + }, + { + "name": "tomcat-null-thread-dos(9396)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9396.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1309.json b/2002/1xxx/CVE-2002-1309.json index 86430958e9a..80794fa8f6e 100644 --- a/2002/1xxx/CVE-2002-1309.json +++ b/2002/1xxx/CVE-2002-1309.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html" - }, - { - "name" : "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html" - }, - { - "name" : "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&r=1&b=200211&w=2" - }, - { - "name" : "AD20021112", - "refsource" : "EEYE", - "url" : 
"http://www.eeye.com/html/Research/Advisories/AD20021112.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&r=1&b=200211&w=2" + }, + { + "name": "AD20021112", + "refsource": "EEYE", + "url": "http://www.eeye.com/html/Research/Advisories/AD20021112.html" + }, + { + "name": "20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html" + }, + { + "name": "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1347.json b/2002/1xxx/CVE-2002-1347.json index 2e055faabc3..b1840333087 100644 --- a/2002/1xxx/CVE-2002-1347.json +++ b/2002/1xxx/CVE-2002-1347.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021209 Cyrus SASL library buffer overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103946297703402&w=2" - }, - { - "name" : "APPLE-SA-2005-03-21", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" - }, - { - "name" : "000557", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557" - }, - { - "name" : "DSA-215", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2002/dsa-215" - }, - { - "name" : "200212-10", - "refsource" : "GENTOO", - "url" : "http://www.securityfocus.com/advisories/4826" - }, - { - "name" : "RHSA-2002:283", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-283.html" - }, - { - "name" : "SuSE-SA:2002:048", - "refsource" : "SUSE", - "url" : "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html" - }, - { - "name" : "6347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6347" - }, - { - "name" : "6348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6348" - }, - { - "name" : "6349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6349" - }, - { - "name" : "cyrus-sasl-username-bo(10810)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810" - }, - { - "name" : "cyrus-sasl-saslauthd-bo(10811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811" - }, - { - "name" : "cyrus-sasl-logwriter-bo(10812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cyrus-sasl-logwriter-bo(10812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812" + }, + { + "name": "SuSE-SA:2002:048", + "refsource": "SUSE", + "url": "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html" + }, + { + "name": "000557", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557" + }, + { + "name": "6349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6349" + }, + { + "name": "20021209 Cyrus SASL library buffer overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103946297703402&w=2" + }, + { + "name": "DSA-215", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-215" + }, + { + "name": "cyrus-sasl-saslauthd-bo(10811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811" + }, + { + "name": "6348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6348" + }, + { + "name": "APPLE-SA-2005-03-21", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" + }, + { + "name": "6347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6347" + }, + { + "name": "200212-10", + "refsource": "GENTOO", + "url": "http://www.securityfocus.com/advisories/4826" + }, + { + "name": "cyrus-sasl-username-bo(10810)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810" + }, + { + "name": "RHSA-2002:283", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-283.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1637.json b/2002/1xxx/CVE-2002-1637.json index ddee233c66c..f965e1a8399 100644 
--- a/2002/1xxx/CVE-2002-1637.json
+++ b/2002/1xxx/CVE-2002-1637.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nextgenss.com/papers/hpoas.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpoas.pdf" - }, - { - "name" : "VU#712723", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/712723" - }, - { - "name" : "default-oracle-system(968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/968" - }, - { - "name" : "default-oracle-sys(969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/969" - }, - { - "name" : "default-oracle-scott(970)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/970" - }, - { - "name" : "default-oracle-apps(971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/971" - }, - { - "name" : "default-oracle-applsys(972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "default-oracle-applsys(972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/972" + }, + { + "name": "VU#712723", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/712723" + }, + { + "name": "http://www.nextgenss.com/papers/hpoas.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpoas.pdf" + }, + { + "name": "default-oracle-system(968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/968" + }, + { + "name": "default-oracle-apps(971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/971" + }, + { + "name": "default-oracle-sys(969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/969" + }, + { + "name": "default-oracle-scott(970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/970" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/0xxx/CVE-2003-0028.json b/2003/0xxx/CVE-2003-0028.json
index f4e65666313..218b64c0b41 100644
--- a/2003/0xxx/CVE-2003-0028.json
+++ b/2003/0xxx/CVE-2003-0028.json
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030319 EEYE: XDR Integer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104810574423662&w=2" - }, - { - "name" : "20030331 GLSA: dietlibc (200303-29)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316931/30/25250/threaded" - }, - { - "name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded" - }, - { - "name" : "20030319 RE: EEYE: XDR Integer Overflow", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/315638/30/25430/threaded" - }, - { - "name" : "20030319 EEYE: XDR Integer Overflow", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html" - }, - { - "name" : "AD20030318", - "refsource" : "EEYE", - "url" : "http://www.eeye.com/html/Research/Advisories/AD20030318.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20150122-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20150122-0002/" - }, - { - "name" : "CA-2003-10", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-10.html" - }, - { - "name" : "VU#516825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/516825" - }, - { - "name" : "DSA-282", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-282" - }, - { - "name" : "RHSA-2003:051", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html" - }, - { - "name" : "RHSA-2003:052", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html" - }, - { - "name" : "RHSA-2003:089", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-089.html" - }, - { - "name" : "RHSA-2003:091", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html" - }, - { - "name" : "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104811415301340&w=2" - }, - { - "name" : "ESA-20030321-010", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html" - }, - { - "name" : "DSA-266", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-266" - }, - { - "name" : "DSA-272", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-272" - }, - { - "name" : "20030325 GLSA: glibc 
(200303-22)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104860855114117&w=2" - }, - { - "name" : "MDKSA-2003:037", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037" - }, - { - "name" : "NetBSD-SA2003-008", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc" - }, - { - "name" : "SuSE-SA:2003:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_027_glibc.html" - }, - { - "name" : "2003-0014", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=104878237121402&w=2" - }, - { - "name" : "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105362148313082&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:230", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ESA-20030321-010", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html" + }, + { + "name": "20030319 EEYE: XDR Integer Overflow", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html" + }, + { + "name": "MDKSA-2003:037", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037" + }, + { + "name": "RHSA-2003:052", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html" + }, + { + "name": "CA-2003-10", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-10.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20150122-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20150122-0002/" + }, + { + "name": "DSA-282", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-282" + }, + { + "name": "20030331 GLSA: krb5 & mit-krb5 (200303-28)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded" + }, + { + "name": "SuSE-SA:2003:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html" + }, + { + "name": "20030319 RE: EEYE: XDR Integer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded" + }, + { + "name": "RHSA-2003:091", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-091.html" + }, + { + "name": "AD20030318", + "refsource": "EEYE", + "url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html" + }, + { + "name": "VU#516825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/516825" + }, + { + "name": 
"20030325 GLSA: glibc (200303-22)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104860855114117&w=2" + }, + { + "name": "NetBSD-SA2003-008", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc" + }, + { + "name": "2003-0014", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=104878237121402&w=2" + }, + { + "name": "20030331 GLSA: dietlibc (200303-29)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded" + }, + { + "name": "RHSA-2003:051", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html" + }, + { + "name": "20030319 EEYE: XDR Integer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104810574423662&w=2" + }, + { + "name": "oval:org.mitre.oval:def:230", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230" + }, + { + "name": "DSA-266", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-266" + }, + { + "name": "RHSA-2003:089", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-089.html" + }, + { + "name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104811415301340&w=2" + }, + { + "name": "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105362148313082&w=2" + }, + { + "name": "DSA-272", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-272" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0092.json b/2003/0xxx/CVE-2003-0092.json index aaf346eca70..1d498b93655 100644 --- a/2003/0xxx/CVE-2003-0092.json +++ b/2003/0xxx/CVE-2003-0092.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316948/30/25250/threaded" - }, - { - "name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html" - }, - { - "name" : "52388", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1" - }, - { - "name" : "7240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7240" - }, - { - "name" : "oval:org.mitre.oval:def:1905", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1905", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1905" + }, + { + "name": "7240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7240" + }, + { + "name": "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316948/30/25250/threaded" + }, + { + "name": "52388", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1" + }, + { + "name": "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0334.json b/2003/0xxx/CVE-2003-0334.json index 34a88c6f79e..cca1aa5f93d 100644 --- a/2003/0xxx/CVE-2003-0334.json +++ b/2003/0xxx/CVE-2003-0334.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030510 BitchX: Crash when channel modes change", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105259643606984&w=2" - }, - { - "name" : "CLA-2003:655", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655" - }, - { - "name" : "MDKSA-2003:069", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:069" - }, - { - "name" : "7551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7551" - }, - { - "name" : "bitchx-mode-change-dos(12008)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bitchx-mode-change-dos(12008)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12008" + }, + { + "name": "7551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7551" + }, + { + "name": "20030510 BitchX: Crash when channel modes change", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105259643606984&w=2" + }, + { + "name": "MDKSA-2003:069", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:069" + }, + { + "name": "CLA-2003:655", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0850.json b/2003/0xxx/CVE-2003-0850.json index 076904b2ffa..46bbed8732e 100644 --- a/2003/0xxx/CVE-2003-0850.json +++ b/2003/0xxx/CVE-2003-0850.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause \"memory corruption\" and possibly execute arbitrary code via \"overlarge TCP packets.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031027 Libnids <= 1.17 buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106728224210446&w=2" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=191323", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=191323" - }, - { - "name" : "CLA-2003:773", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773" - }, - { - "name" : "DSA-410", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-410" - }, - { - "name" : "10543", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10543" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause \"memory corruption\" and possibly execute arbitrary code via \"overlarge TCP packets.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10543" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=191323", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=191323" + }, + { + "name": "CLA-2003:773", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773" + }, + { + "name": "20031027 Libnids <= 1.17 buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106728224210446&w=2" + }, + { + "name": "DSA-410", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-410" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1079.json b/2003/1xxx/CVE-2003-1079.json index fa1e6279f21..99749d03db3 100644 --- a/2003/1xxx/CVE-2003-1079.json +++ b/2003/1xxx/CVE-2003-1079.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "50626", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50626-1" - }, - { - "name" : "6883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6883" - }, - { - "name" : "1006131", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006131" - }, - { - "name" : "8092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8092/" - }, - { - "name" : "solaris-udp-rpc-dos(11368)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-udp-rpc-dos(11368)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11368" + }, + { + "name": "1006131", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006131" + }, + { + "name": "6883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6883" + }, + { + "name": "8092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8092/" + }, + { + "name": "50626", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50626-1" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1380.json b/2003/1xxx/CVE-2003-1380.json index 65518764b7e..bb5257c8857 100644 --- a/2003/1xxx/CVE-2003-1380.json +++ b/2003/1xxx/CVE-2003-1380.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a \"mget @../FILE\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/312032" - }, - { - "name" : "6873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6873" - }, - { - "name" : "bisonftp-ls-view-files(11347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via 
an 'ls @../' command, or (2) list files above the root via a \"mget @../FILE\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/312032" + }, + { + "name": "6873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6873" + }, + { + "name": "bisonftp-ls-view-files(11347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11347" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1567.json b/2003/1xxx/CVE-2003-1567.json index fb0edd0d502..b5409275f7f 100644 --- a/2003/1xxx/CVE-2003-1567.json +++ b/2003/1xxx/CVE-2003-1567.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031227 AQ-2003-02: Microsoft IIS Logging Failure", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html" - }, - { - "name" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", - "refsource" : "MISC", - "url" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt" - }, - { - "name" : "VU#288308", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/288308" - }, - { - "name" : "5648", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031227 AQ-2003-02: Microsoft IIS Logging Failure", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html" + }, + { + "name": "VU#288308", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/288308" + }, + { + "name": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", + "refsource": "MISC", + "url": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt" + }, + { + "name": "5648", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5648" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0522.json b/2012/0xxx/CVE-2012-0522.json index 73f3eaec0ef..443f8427079 100644 --- a/2012/0xxx/CVE-2012-0522.json +++ b/2012/0xxx/CVE-2012-0522.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53053" - }, - { - "name" : "1026949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026949" - }, - { - "name" : "48863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53053" + }, + { + "name": "1026949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026949" + }, + { + "name": "48863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48863" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0816.json b/2012/0xxx/CVE-2012-0816.json index 9bdf9c44745..db8c2457628 100644 --- a/2012/0xxx/CVE-2012-0816.json +++ b/2012/0xxx/CVE-2012-0816.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0816",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-0816",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0846.json b/2012/0xxx/CVE-2012-0846.json
index 117fd14f12e..1505317a45f 100644
--- a/2012/0xxx/CVE-2012-0846.json
+++ b/2012/0xxx/CVE-2012-0846.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120119 Webcalendar 1.2.4 'location' XSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0129.html" - }, - { - "name" : "[oss-security] 20120211 CVE-request: Webcalendar 1.2.4 location XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/11/2" - }, - { - "name" : "[oss-security] 20120211 Re: CVE-request: Webcalendar 1.2.4 location XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/12/1" - }, - { - "name" : "[oss-security] 20120212 Re: CVE-request: Webcalendar 1.2.4 location XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/12/3" - }, - { - "name" : "[oss-security] 20120213 
Re: CVE-request: Webcalendar 1.2.4 location XSS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/13/6" - }, - { - "name" : "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870" - }, - { - "name" : "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870" - }, - { - "name" : "51600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51600" - }, - { - "name" : "webcalendar-location-xss(72563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120211 Re: CVE-request: Webcalendar 1.2.4 location XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/12/1" + }, + { + "name": "webcalendar-location-xss(72563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72563" + }, + { + "name": "[oss-security] 20120213 Re: CVE-request: Webcalendar 1.2.4 location XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/13/6" + }, + { + "name": "[oss-security] 20120211 CVE-request: Webcalendar 1.2.4 location XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/11/2" + }, + { + "name": "[oss-security] 20120212 Re: CVE-request: Webcalendar 1.2.4 location XSS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/12/3" + }, + { + "name": "20120119 Webcalendar 1.2.4 'location' XSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0129.html" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870" + }, + { + "name": "51600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51600" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1161.json b/2012/1xxx/CVE-2012-1161.json index 2a9e05b3b71..6bce87c7402 100644 --- a/2012/1xxx/CVE-2012-1161.json +++ b/2012/1xxx/CVE-2012-1161.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1161",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1161",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1501.json b/2012/1xxx/CVE-2012-1501.json
index ac109f60d58..90a885a129a 100644
--- a/2012/1xxx/CVE-2012-1501.json
+++ b/2012/1xxx/CVE-2012-1501.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1501",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-1501",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1535.json b/2012/1xxx/CVE-2012-1535.json
index 6c41a2323d0..992d2218804 100644
--- a/2012/1xxx/CVE-2012-1535.json
+++ b/2012/1xxx/CVE-2012-1535.json
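Review bot: The new side of CVE-2012-1501.json writes `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and puts `ID` before `ASSIGNER`, while the RESERVED and PUBLIC records rewritten in this same commit keep `CVE_data_meta` first with `ASSIGNER` leading. Key order has no meaning in JSON, so no consumer should break, but two serializations in one sync make later diffs of these records noisier than their content changes warrant. CVE-2017-2072.json is written with the same ordering. Emitting every record with one fixed key order, and ending the file with a newline rather than `\ No newline at end of file`, would keep future syncs reviewable.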
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-18.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-18.html" - }, - { - "name" : "GLSA-201209-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-01.xml" - }, - { - "name" : "HPSBMU02948", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139455789818399&w=2" - }, - { - "name" : "RHSA-2012:1203", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1203.html" - }, - { - "name" : "SUSE-SU-2012:1001", - "refsource" : "SUSE", 
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html" - }, - { - "name" : "openSUSE-SU-2012:0996", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-18.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-18.html" + }, + { + "name": "RHSA-2012:1203", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1203.html" + }, + { + "name": "GLSA-201209-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-01.xml" + }, + { + "name": "HPSBMU02948", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139455789818399&w=2" + }, + { + "name": "SUSE-SU-2012:1001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html" + }, + { + "name": "openSUSE-SU-2012:0996", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1916.json b/2012/1xxx/CVE-2012-1916.json index 2c005f1541a..374de058b48 100644 --- a/2012/1xxx/CVE-2012-1916.json +++ b/2012/1xxx/CVE-2012-1916.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://en.securitylab.ru/lab/PT-2011-48", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2011-48" - }, - { - "name" : "http://atmail.org/download/atmailopen.tgz", - "refsource" : "CONFIRM", - "url" : "http://atmail.org/download/atmailopen.tgz" - }, - { - "name" : "VU#743555", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/743555" - }, - { - "name" : "47012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "@Mail WebMail Client in AtMail Open-Source before 1.05 
allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://en.securitylab.ru/lab/PT-2011-48", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2011-48" + }, + { + "name": "http://atmail.org/download/atmailopen.tgz", + "refsource": "CONFIRM", + "url": "http://atmail.org/download/atmailopen.tgz" + }, + { + "name": "VU#743555", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/743555" + }, + { + "name": "47012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47012" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4042.json b/2012/4xxx/CVE-2012-4042.json index 407476ffc7e..889944ceed7 100644 --- a/2012/4xxx/CVE-2012-4042.json +++ b/2012/4xxx/CVE-2012-4042.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4042",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4042",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/4xxx/CVE-2012-4592.json b/2012/4xxx/CVE-2012-4592.json
index c58ae65c6f3..f93b1755c44 100644
--- a/2012/4xxx/CVE-2012-4592.json
+++ b/2012/4xxx/CVE-2012-4592.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10022", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10022" - }, - { - "name" : "mcafee-emm-portal-info-disc(78220)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it 
easier for remote attackers to capture this cookie by intercepting its transmission within an http session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mcafee-emm-portal-info-disc(78220)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78220" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5768.json b/2012/5xxx/CVE-2012-5768.json index bb386783aae..22f211ad5c8 100644 --- a/2012/5xxx/CVE-2012-5768.json +++ b/2012/5xxx/CVE-2012-5768.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5768", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5768", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5943.json b/2012/5xxx/CVE-2012-5943.json index 4bad5060ea9..6b7acf9fb14 100644 
--- a/2012/5xxx/CVE-2012-5943.json +++ b/2012/5xxx/CVE-2012-5943.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628658", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628658" - }, - { - "name" : "inotes-mail-xss(80538)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "inotes-mail-xss(80538)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80538" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21628658", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21628658" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2072.json b/2017/2xxx/CVE-2017-2072.json index 0a2831337e3..ae82d953778 100644 --- a/2017/2xxx/CVE-2017-2072.json +++ b/2017/2xxx/CVE-2017-2072.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2072", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2072", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2887.json b/2017/2xxx/CVE-2017-2887.json index f984294e4de..01a416fac29 100644 --- a/2017/2xxx/CVE-2017-2887.json +++ b/2017/2xxx/CVE-2017-2887.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-2887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Simple Direct Media", - "version" : { - "version_data" : [ - { - "version_value" : "Simple DirectMedia Layer SDL_image 2.0.1" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-2887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Simple Direct Media", + "version": { + "version_data": [ + { + "version_value": "Simple DirectMedia Layer SDL_image 2.0.1" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394" - }, - { - "name" : "DSA-4177", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4177" - }, - { - "name" : "DSA-4184", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4184" - }, - { - "name" : "101215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4177", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4177" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394" + }, + { + "name": "101215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101215" + }, + { + "name": "DSA-4184", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4184" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3240.json b/2017/3xxx/CVE-2017-3240.json index ea46803f4d5..40de71b3e4d 100644 --- a/2017/3xxx/CVE-2017-3240.json +++ b/2017/3xxx/CVE-2017-3240.json 
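Review bot: `"vendor_name": "Talos"` in the `affects` block of CVE-2017-2887 appears to name the reporting CNA (the `ASSIGNER` is `talos-cna@cisco.com`) rather than the maintainer of the affected library. The product is also split oddly between `"product_name": "Simple Direct Media"` and `"version_value": "Simple DirectMedia Layer SDL_image 2.0.1"`. Anyone matching an inventory against these fields would look for a Talos product and miss SDL_image. The description supports `"product_name": "SDL_image"` and `"version_value": "2.0.1"`, with the vendor set to the SDL_image maintainer. The hunk only reformats and reorders the record, so the values predate this change.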
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle Database", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95477" - }, - { - "name" : "1037630", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037630", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037630" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "95477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95477" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3484.json b/2017/3xxx/CVE-2017-3484.json index 83d9e33fc96..11c51a48b9f 100644 --- a/2017/3xxx/CVE-2017-3484.json +++ b/2017/3xxx/CVE-2017-3484.json 
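Review bot: `problemtype` for CVE-2017-3240 holds the CVSS vector `CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N` instead of a weakness or impact statement, and the rewritten record keeps it. A consumer that maps `problemtype` to a weakness class receives a string it cannot classify. The description gives the base score but not the vector, whereas CVE-2017-3484 in this commit carries the vector in its description. The description already has usable wording for the field, `"value": "unauthorized read access to a subset of RDBMS Security accessible data"`, and the vector could move into the description as `CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)`.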
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Enterprise Limits and Collateral Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Enterprise Limits and Collateral Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97786" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97786" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3487.json b/2017/3xxx/CVE-2017-3487.json index 3cf32948284..0558ca3d262 100644 --- a/2017/3xxx/CVE-2017-3487.json +++ b/2017/3xxx/CVE-2017-3487.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Investor Servicing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.0.3" - }, - { - "version_affected" : "=", - "version_value" : "12.0.4" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.2" + }, + { + "version_affected": "=", + "version_value": "12.0.3" + }, + { + "version_affected": "=", + "version_value": "12.0.4" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97871" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97871" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3790.json b/2017/3xxx/CVE-2017-3790.json index b7a71563f47..e622842e71d 100644 --- a/2017/3xxx/CVE-2017-3790.json +++ b/2017/3xxx/CVE-2017-3790.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable", + "version": { + "version_data": [ + { + "version_value": "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway" - }, - { - "name" : "95786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95786" - }, - { - "name" : "1037697", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. 
An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway" + }, + { + "name": "95786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95786" + }, + { + "name": "1037697", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037697" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6016.json b/2017/6xxx/CVE-2017-6016.json index b09c83e983b..b4a2a2c414b 100644 --- a/2017/6xxx/CVE-2017-6016.json +++ b/2017/6xxx/CVE-2017-6016.json 
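Review bot: The `affects` block of CVE-2017-3790 is carried over unchanged with `"vendor_name": "n/a"` and the sentence "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable" used as both `product_name` and `version_value`, so tooling that matches records by vendor, product and version cannot tie this entry to an installed release. Since the assigner is psirt@cisco.com and the description names the fixed release, the fields could read `"vendor_name": "Cisco"`, `"product_name": "Cisco Expressway Series Software and Cisco TelePresence VCS Software"` and `"version_affected": "<", "version_value": "X8.8.2"`. The CVE-2017-6016 section repeats the pattern (product string duplicated into `version_value`, vendor `n/a`), and CVE-2017-6096, CVE-2017-6401, CVE-2017-6518 and CVE-2017-7222 leave vendor, product and version as `n/a` although their descriptions name the product and version.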
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-6016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA", - "version" : { - "version_data" : [ - { - "version_value" : "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-6016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA", + "version": { + "version_data": [ + { + "version_value": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01" - }, - { - "name" : "96942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96942" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/6xxx/CVE-2017-6096.json b/2017/6xxx/CVE-2017-6096.json index 7c6d98305d3..e6d50f76ea4 100644 --- a/2017/6xxx/CVE-2017-6096.json +++ b/2017/6xxx/CVE-2017-6096.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41438", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41438/" - }, - { - "name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", - "refsource" : "MISC", - "url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8740", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. 
This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8740", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8740" + }, + { + "name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", + "refsource": "MISC", + "url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" + }, + { + "name": "41438", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41438/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6401.json b/2017/6xxx/CVE-2017-6401.json index 9e0e7708850..125c9b93935 100644 --- a/2017/6xxx/CVE-2017-6401.json +++ b/2017/6xxx/CVE-2017-6401.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6" - }, - { - "name" : "96493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96493" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96493" + }, + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6518.json b/2017/6xxx/CVE-2017-6518.json index 50fabdf139f..e6ecf134e8e 100644 --- a/2017/6xxx/CVE-2017-6518.json +++ b/2017/6xxx/CVE-2017-6518.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://daimacn.com/?id=6", - "refsource" : "MISC", - "url" : "http://daimacn.com/?id=6" - }, - { - "name" : "97152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://daimacn.com/?id=6", + "refsource": "MISC", + "url": "http://daimacn.com/?id=6" + }, + { + "name": "97152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97152" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6524.json b/2017/6xxx/CVE-2017-6524.json index dcef0027f87..0620dde5f18 100644 --- a/2017/6xxx/CVE-2017-6524.json +++ b/2017/6xxx/CVE-2017-6524.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6524", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6524", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7222.json b/2017/7xxx/CVE-2017-7222.json index cf0135172d6..fd951c8346f 100644 --- a/2017/7xxx/CVE-2017-7222.json +++ b/2017/7xxx/CVE-2017-7222.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a", - "refsource" : "CONFIRM", - "url" : "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a" - }, - { - "name" : "https://mantisbt.org/bugs/view.php?id=22266", - "refsource" : "CONFIRM", - "url" : "https://mantisbt.org/bugs/view.php?id=22266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://mantisbt.org/bugs/view.php?id=22266", + "refsource": "CONFIRM", + "url": "https://mantisbt.org/bugs/view.php?id=22266" + }, + { + "name": "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a", + "refsource": "CONFIRM", + "url": "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7539.json b/2017/7xxx/CVE-2017-7539.json index cf8bfa48189..f48d781508b 100644 --- a/2017/7xxx/CVE-2017-7539.json +++ b/2017/7xxx/CVE-2017-7539.json 
@@ -1,133 +1,133 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-7539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Qemu", - "version" : { - "version_data" : [ - { - "version_value" : "2.10.1" - } - ] - } - } - ] - }, - "vendor_name" : "QEMU" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-617" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Qemu", + "version": { + "version_data": [ + { + "version_value": "2.10.1" + } + ] + } + } + ] + }, + "vendor_name": "QEMU" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/07/21/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539", - "refsource" : 
"CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539" - }, - { - "name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b", - "refsource" : "CONFIRM", - "url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b" - }, - { - "name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19", - "refsource" : "CONFIRM", - "url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19" - }, - { - "name" : "RHSA-2017:2628", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2628" - }, - { - "name" : "RHSA-2017:3466", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3466" - }, - { - "name" : "RHSA-2017:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3470" - }, - { - "name" : "RHSA-2017:3471", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3471" - }, - { - "name" : "RHSA-2017:3472", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3472" - }, - { - "name" : "RHSA-2017:3473", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3473" - }, - { - "name" : "RHSA-2017:3474", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3474" - }, - { - "name" : "99944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. 
A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-617" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2628", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2628" + }, + { + "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b", + "refsource": "CONFIRM", + "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b" + }, + { + "name": "RHSA-2017:3473", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3473" + }, + { + "name": "RHSA-2017:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3470" + }, + { + "name": "RHSA-2017:3472", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3472" + }, + { + "name": "RHSA-2017:3474", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3474" + }, + { + "name": "RHSA-2017:3471", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3471" + }, + { + "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19", + "refsource": "CONFIRM", + "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19" + }, + { + "name": "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/07/21/4" + }, + { + "name": "RHSA-2017:3466", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2017:3466" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539" + }, + { + "name": "99944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99944" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7817.json b/2017/7xxx/CVE-2017-7817.json index f1d65de8c87..8eb5ebef34a 100644 --- a/2017/7xxx/CVE-2017-7817.json +++ b/2017/7xxx/CVE-2017-7817.json 
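Review bot: Both `impact.cvss` entries in the CVE-2017-7539 record still carry the base score fused into `vectorString` (`"5.3/CVSS:3.0/AV:N/..."` and `"5.0/AV:N/AC:L/Au:N/..."`), so the field is not a bare CVSS vector and a consumer that passes it to a CVSS parser or validator will likely reject or mis-score it. Since this sync rewrites the whole record anyway, the score could be split into its own member, for example `"baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"`, and likewise for the 2.0 entry. Apart from whitespace and reference order, the one value that changes in this hunk is `ASSIGNER` (`anemec@redhat.com` to `secalert@redhat.com`), which is worth naming in the commit message because tooling that groups records by assigner will see this record move. Whether downstream consumers depend on the fused score form is not visible from this diff.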
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "56" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Firefox for Android address bar spoofing through fullscreen mode" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "56" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" - }, - { - "name" : "101057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101057" 
- }, - { - "name" : "1039465", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Firefox for Android address bar spoofing through fullscreen mode" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039465" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596" + }, + { + "name": "101057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101057" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10069.json b/2018/10xxx/CVE-2018-10069.json index 46402eacdeb..6a03be92b86 100644 --- a/2018/10xxx/CVE-2018-10069.json +++ b/2018/10xxx/CVE-2018-10069.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10069", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10069", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10079.json b/2018/10xxx/CVE-2018-10079.json index f233f10640c..98164c750e6 100644 --- a/2018/10xxx/CVE-2018-10079.json +++ b/2018/10xxx/CVE-2018-10079.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\\ProgramData\\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44493", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44493/" - }, - { - "name" : "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\\ProgramData\\WatchDog Console directory, which allows local users to modify configuration data by updating (1) 
config.xml or (2) servers.xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44493", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44493/" + }, + { + "name": "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10128.json b/2018/10xxx/CVE-2018-10128.json index bbe83d8272e..c9601ab69b6 100644 --- a/2018/10xxx/CVE-2018-10128.json +++ b/2018/10xxx/CVE-2018-10128.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gosea/xyhcms/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/gosea/xyhcms/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gosea/xyhcms/issues/2", + "refsource": "MISC", + "url": "https://github.com/gosea/xyhcms/issues/2" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14172.json b/2018/14xxx/CVE-2018-14172.json index 5b7f67d4dbb..81938aec242 100644 --- a/2018/14xxx/CVE-2018-14172.json +++ b/2018/14xxx/CVE-2018-14172.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14172", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14172", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14480.json b/2018/14xxx/CVE-2018-14480.json index 817fc5384ca..e0ff6a26ba5 100644 --- a/2018/14xxx/CVE-2018-14480.json +++ b/2018/14xxx/CVE-2018-14480.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14480", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14480", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17453.json b/2018/17xxx/CVE-2018-17453.json index 84b6a163435..5ab5670c03f 100644 --- a/2018/17xxx/CVE-2018-17453.json +++ b/2018/17xxx/CVE-2018-17453.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17453", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17453", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17931.json b/2018/17xxx/CVE-2018-17931.json index 358615d2334..8d83cf1e51c 100644 --- a/2018/17xxx/CVE-2018-17931.json +++ b/2018/17xxx/CVE-2018-17931.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-17931", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VGo Robot", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER ACCESS CONTROL CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-17931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VGo Robot", + "version": { + "version_data": [ + { + "version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. 
Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER ACCESS CONTROL CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17960.json b/2018/17xxx/CVE-2018-17960.json index 595489ce9b8..eb78c254bdc 100644 --- a/2018/17xxx/CVE-2018-17960.json +++ b/2018/17xxx/CVE-2018-17960.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/", - "refsource" : "MISC", - "url" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/" - }, - { - "name" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0", - "refsource" : "MISC", - "url" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/", + "refsource": "MISC", + "url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/" + }, + { + "name": "https://ckeditor.com/cke4/release/CKEditor-4.11.0", + "refsource": "MISC", + "url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20246.json b/2018/20xxx/CVE-2018-20246.json index 0b75d06e623..72ca1923b15 100644 --- a/2018/20xxx/CVE-2018-20246.json +++ b/2018/20xxx/CVE-2018-20246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20246", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-20246", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20388.json b/2018/20xxx/CVE-2018-20388.json index 84764986be1..e39d170d940 100644 --- a/2018/20xxx/CVE-2018-20388.json +++ b/2018/20xxx/CVE-2018-20388.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" - }, - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via 
iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", + "refsource": "MISC", + "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" + }, + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20630.json b/2018/20xxx/CVE-2018-20630.json index b9e3fba2f88..54e444b9bd8 100644 --- a/2018/20xxx/CVE-2018-20630.json +++ b/2018/20xxx/CVE-2018-20630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/9xxx/CVE-2018-9276.json b/2018/9xxx/CVE-2018-9276.json index abf23ac41b9..ca7c9f7a7c0 100644 --- a/2018/9xxx/CVE-2018-9276.json +++ b/2018/9xxx/CVE-2018-9276.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180626 PRTG < 18.2.39 Command Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/542103/100/0/threaded" - }, - { - "name" : "46527", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46527/" - }, - { - "name" : "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html" + }, + { + "name": "46527", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46527/" + }, + { + "name": "20180626 PRTG < 18.2.39 Command Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/542103/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9365.json b/2018/9xxx/CVE-2018-9365.json index ea0b49031c3..9d36957f1bb 100644 --- a/2018/9xxx/CVE-2018-9365.json +++ b/2018/9xxx/CVE-2018-9365.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9374.json b/2018/9xxx/CVE-2018-9374.json index 1aa61ed620b..576f59b56ac 100644 --- a/2018/9xxx/CVE-2018-9374.json +++ b/2018/9xxx/CVE-2018-9374.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9394.json b/2018/9xxx/CVE-2018-9394.json index d68ed4f3b43..9ff012d9d24 100644 --- a/2018/9xxx/CVE-2018-9394.json +++ b/2018/9xxx/CVE-2018-9394.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9394", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9394", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9726.json b/2018/9xxx/CVE-2018-9726.json index 3342f675c0f..155f96a2132 100644 --- a/2018/9xxx/CVE-2018-9726.json +++ b/2018/9xxx/CVE-2018-9726.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9982.json b/2018/9xxx/CVE-2018-9982.json index 430c0ac0c96..67c2f949bd2 100644 --- a/2018/9xxx/CVE-2018-9982.json +++ b/2018/9xxx/CVE-2018-9982.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787-Out-of-bounds Write" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-380", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-380" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787-Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-380", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-380" + } + ] + } +} \ No newline at end of file