From da377115558a99167eb8497f144ed01ebdc6e0c3 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:09:32 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0075.json | 210 +++++++++++++++----------------
2002/0xxx/CVE-2002-0845.json | 150 +++++++++++-----------
2002/1xxx/CVE-2002-1040.json | 120 +++++++++---------
2002/1xxx/CVE-2002-1092.json | 140 ++++++++++-----------
2002/1xxx/CVE-2002-1252.json | 140 ++++++++++-----------
2002/1xxx/CVE-2002-1464.json | 150 +++++++++++-----------
2002/1xxx/CVE-2002-1635.json | 140 ++++++++++-----------
2003/0xxx/CVE-2003-0211.json | 170 ++++++++++++-------------
2003/0xxx/CVE-2003-0602.json | 150 +++++++++++-----------
2003/0xxx/CVE-2003-0834.json | 180 +++++++++++++--------------
2003/0xxx/CVE-2003-0914.json | 190 ++++++++++++++--------------
2003/1xxx/CVE-2003-1061.json | 140 ++++++++++-----------
2003/1xxx/CVE-2003-1426.json | 140 ++++++++++-----------
2012/0xxx/CVE-2012-0783.json | 34 ++---
2012/0xxx/CVE-2012-0925.json | 160 ++++++++++++------------
2012/1xxx/CVE-2012-1423.json | 180 +++++++++++++--------------
2012/1xxx/CVE-2012-1601.json | 220 ++++++++++++++++-----------------
2012/1xxx/CVE-2012-1844.json | 170 ++++++++++++-------------
2012/4xxx/CVE-2012-4419.json | 200 +++++++++++++++---------------
2012/4xxx/CVE-2012-4661.json | 170 ++++++++++++-------------
2012/4xxx/CVE-2012-4707.json | 120 +++++++++---------
2012/4xxx/CVE-2012-4713.json | 130 +++++++++----------
2012/5xxx/CVE-2012-5046.json | 34 ++---
2012/5xxx/CVE-2012-5543.json | 140 ++++++++++-----------
2017/2xxx/CVE-2017-2249.json | 130 +++++++++----------
2017/2xxx/CVE-2017-2511.json | 130 +++++++++----------
2017/3xxx/CVE-2017-3129.json | 130 +++++++++----------
2017/3xxx/CVE-2017-3217.json | 152 +++++++++++------------
2017/3xxx/CVE-2017-3346.json | 166 ++++++++++++-------------
2017/3xxx/CVE-2017-3633.json | 202 +++++++++++++++---------------
2017/3xxx/CVE-2017-3696.json | 34 ++---
2017/6xxx/CVE-2017-6089.json | 130 +++++++++----------
2017/6xxx/CVE-2017-6116.json | 34 ++---
2017/6xxx/CVE-2017-6215.json | 120 +++++++++---------
2017/7xxx/CVE-2017-7628.json | 140 ++++++++++-----------
2018/10xxx/CVE-2018-10340.json | 34 ++---
2018/10xxx/CVE-2018-10434.json | 34 ++---
2018/10xxx/CVE-2018-10700.json | 34 ++---
2018/10xxx/CVE-2018-10703.json | 34 ++---
2018/14xxx/CVE-2018-14164.json | 34 ++---
2018/14xxx/CVE-2018-14179.json | 34 ++---
2018/17xxx/CVE-2018-17570.json | 130 +++++++++----------
2018/17xxx/CVE-2018-17738.json | 34 ++---
2018/17xxx/CVE-2018-17761.json | 34 ++---
2018/20xxx/CVE-2018-20064.json | 120 +++++++++---------
2018/20xxx/CVE-2018-20449.json | 34 ++---
2018/20xxx/CVE-2018-20704.json | 34 ++---
2018/9xxx/CVE-2018-9028.json | 132 ++++++++++----------
2018/9xxx/CVE-2018-9078.json | 182 +++++++++++++--------------
2018/9xxx/CVE-2018-9286.json | 34 ++---
2018/9xxx/CVE-2018-9364.json | 34 ++---
2018/9xxx/CVE-2018-9918.json | 140 ++++++++++-----------
52 files changed, 3029 insertions(+), 3029 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0075.json b/2002/0xxx/CVE-2002-0075.json
index 1c51ee386f4..d17a672c126 100644
--- a/2002/0xxx/CVE-2002-0075.json
+++ b/2002/0xxx/CVE-2002-0075.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (\"\"302 Object Moved\") message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101854677802990&w=2" - }, - { - "name" : "MS02-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" - }, - { - "name" : "CA-2002-09", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-09.html" - }, - { - "name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" - }, - { - 
"name" : "VU#520707", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/520707" - }, - { - "name" : "iis-redirected-url-error-css(8804)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8804.php" - }, - { - "name" : "4487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4487" - }, - { - "name" : "3341", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3341" - }, - { - "name" : "oval:org.mitre.oval:def:210", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A210" - }, - { - "name" : "oval:org.mitre.oval:def:58", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A58" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (\"\"302 Object Moved\") message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101854677802990&w=2" + }, + { + "name": "4487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4487" + }, + { + "name": "3341", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3341" + }, + { + "name": "MS02-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" + }, + { + "name": "iis-redirected-url-error-css(8804)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8804.php" + }, + { + "name": "oval:org.mitre.oval:def:58", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A58" + }, + { + "name": "CA-2002-09", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-09.html" + }, + { + "name": "VU#520707", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/520707" + }, + { + "name": "oval:org.mitre.oval:def:210", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A210" + }, + { + "name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0845.json b/2002/0xxx/CVE-2002-0845.json index fe650712180..e19c47fef96 100644 --- a/2002/0xxx/CVE-2002-0845.json +++ b/2002/0xxx/CVE-2002-0845.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102890933623192&w=2" - }, - { - "name" : "http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html", - "refsource" : "CONFIRM", - "url" : "http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html" - }, - { - "name" : "iplanet-chunked-encoding-bo(9799)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9799.php" - }, - { - "name" : "5433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html", + "refsource": "CONFIRM", + "url": "http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html" + }, + { + "name": "iplanet-chunked-encoding-bo(9799)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9799.php" + }, + { + "name": "5433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5433" + }, + { + "name": "20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102890933623192&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1040.json b/2002/1xxx/CVE-2002-1040.json index cef354ec182..7f6b6bf1457 100644 --- a/2002/1xxx/CVE-2002-1040.json +++ b/2002/1xxx/CVE-2002-1040.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY29749", - "refsource" : "AIXAPAR", - "url" : "http://archives.neohapsis.com/archives/aix/2002-q3/0000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY29749", + "refsource": "AIXAPAR", + "url": "http://archives.neohapsis.com/archives/aix/2002-q3/0000.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2002/1xxx/CVE-2002-1092.json b/2002/1xxx/CVE-2002-1092.json
index 751fc2d363d..d4ff6b710a2 100644
--- a/2002/1xxx/CVE-2002-1092.json
+++ b/2002/1xxx/CVE-2002-1092.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn-bypass-authentication(10017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10017" - }, - { - "name" : "5613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5613" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal 
authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml" + }, + { + "name": "cisco-vpn-bypass-authentication(10017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10017" + }, + { + "name": "5613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5613" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1252.json b/2002/1xxx/CVE-2002-1252.json index 0b635894f5e..44408a19cf4 100644 --- a/2002/1xxx/CVE-2002-1252.json +++ b/2002/1xxx/CVE-2002-1252.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030120 PeopleSoft XML External Entities Vulnerability", - "refsource" : "ISS", - "url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811" - }, - { - "name" : "6647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6647" - }, - { - "name" : "peoplesoft-xxe-read-files(10520)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10520.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Application Messaging Gateway for PeopleTools 8.1x before 8.19, 
as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "peoplesoft-xxe-read-files(10520)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10520.php" + }, + { + "name": "20030120 PeopleSoft XML External Entities Vulnerability", + "refsource": "ISS", + "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811" + }, + { + "name": "6647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6647" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1464.json b/2002/1xxx/CVE-2002-1464.json index d52cb13ed49..89a2fec9a2d 100644 --- a/2002/1xxx/CVE-2002-1464.json +++ b/2002/1xxx/CVE-2002-1464.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020813 Multiple Vulnerabilities in CafeLog Weblog Package", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html" - }, - { - "name" : "20020813 Multiple Vulnerabilities in CafeLog Weblog Package", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/287228" - }, - { - "name" : "5455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5455" - }, - { - "name" : "b2-gpc-xss(9835)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9835.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability 
in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020813 Multiple Vulnerabilities in CafeLog Weblog Package", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html" + }, + { + "name": "20020813 Multiple Vulnerabilities in CafeLog Weblog Package", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/287228" + }, + { + "name": "b2-gpc-xss(9835)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9835.php" + }, + { + "name": "5455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5455" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1635.json b/2002/1xxx/CVE-2002-1635.json index e886aaaaee7..7c18df3dd94 100644 --- a/2002/1xxx/CVE-2002-1635.json +++ b/2002/1xxx/CVE-2002-1635.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nextgenss.com/papers/hpoas.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpoas.pdf" - }, - { - "name" : "VU#936507", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/936507" - }, - { - "name" : "oracle-perl-cgi-source(10716)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a 
Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#936507", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/936507" + }, + { + "name": "http://www.nextgenss.com/papers/hpoas.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpoas.pdf" + }, + { + "name": "oracle-perl-cgi-source(10716)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10716" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0211.json b/2003/0xxx/CVE-2003-0211.json index d9ea1f1dea7..81c731011f9 100644 --- a/2003/0xxx/CVE-2003-0211.json +++ b/2003/0xxx/CVE-2003-0211.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030418 Xinetd 2.3.10 Memory Leaks", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105068673220605&w=2" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537" - }, - { - "name" : "RHSA-2003:160", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-160.html" - }, - { - "name" : "MDKSA-2003:056", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:056" - }, - { - "name" : "CLA-2003:782", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782" - }, - { - "name" : "oval:org.mitre.oval:def:657", - 
"refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2003:782", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537" + }, + { + "name": "RHSA-2003:160", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-160.html" + }, + { + "name": "oval:org.mitre.oval:def:657", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657" + }, + { + "name": "20030418 Xinetd 2.3.10 Memory Leaks", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105068673220605&w=2" + }, + { + "name": "MDKSA-2003:056", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:056" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0602.json b/2003/0xxx/CVE-2003-0602.json index 4b2165c954d..23fa7bbb26e 100644 --- a/2003/0xxx/CVE-2003-0602.json +++ b/2003/0xxx/CVE-2003-0602.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/2.16.2/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/2.16.2/" - }, - { - "name" : "CLA-2003:653", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653" - }, - { - "name" : "6861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6861" - }, - { - "name" : "6868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6861" + }, + { + "name": "CLA-2003:653", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653" + }, + { + "name": "6868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6868" + }, + { + "name": "http://www.bugzilla.org/security/2.16.2/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/2.16.2/" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0834.json b/2003/0xxx/CVE-2003-0834.json index 4a41e7eeae4..ca307aedefb 100644 --- a/2003/0xxx/CVE-2003-0834.json +++ b/2003/0xxx/CVE-2003-0834.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#575804", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/575804" - }, - { - "name" : "20040825 CDE libDtHelp LOGNAME Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=134&type=vulnerabilities&flashstatus=false" - }, - { - "name" : "HPSBUX0311-297", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0047.html" - }, - { - "name" : "20040801-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P" - }, - { - "name" : "57414", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57414" - }, - { - 
"name" : "8973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8973" - }, - { - "name" : "oval:org.mitre.oval:def:5141", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5141", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5141" + }, + { + "name": "HPSBUX0311-297", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2003-q4/0047.html" + }, + { + "name": "8973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8973" + }, + { + "name": "57414", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57414" + }, + { + "name": "20040801-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P" + }, + { + "name": "20040825 CDE libDtHelp LOGNAME Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=134&type=vulnerabilities&flashstatus=false" + }, + { + "name": "VU#575804", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/575804" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0914.json b/2003/0xxx/CVE-2003-0914.json index e5f70c5b67e..68d62c599f4 100644 
--- a/2003/0xxx/CVE-2003-0914.json +++ b/2003/0xxx/CVE-2003-0914.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-409", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-409" - }, - { - "name" : "57434", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434" - }, - { - "name" : "2003-0044", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt" - }, - { - "name" : "CSSA-2003-SCO.33", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt" - }, - { - "name" : "CSSA-2004-003.0", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt" - }, - { - "name" : "VU#734644", - "refsource" : 
"CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/734644" - }, - { - "name" : "oval:org.mitre.oval:def:2011", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011" - }, - { - "name" : "10542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57434", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434" + }, + { + "name": "CSSA-2004-003.0", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt" + }, + { + "name": "CSSA-2003-SCO.33", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt" + }, + { + "name": "2003-0044", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt" + }, + { + "name": "VU#734644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/734644" + }, + { + "name": "oval:org.mitre.oval:def:2011", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011" + }, + { + "name": "DSA-409", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-409" + }, + { + "name": "10542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10542" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/1xxx/CVE-2003-1061.json b/2003/1xxx/CVE-2003-1061.json index 7768be0156a..a67a9cab7e1 100644 --- a/2003/1xxx/CVE-2003-1061.json +++ b/2003/1xxx/CVE-2003-1061.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57080", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57080-1" - }, - { - "name" : "8836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8836" - }, - { - "name" : "solaris-race-dos(13434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57080", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57080-1" + }, + { + "name": "8836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8836" + }, + { + "name": "solaris-race-dos(13434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13434" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1426.json b/2003/1xxx/CVE-2003-1426.json index 2c20daca74a..001be79c83a 100644 --- a/2003/1xxx/CVE-2003-1426.json +++ b/2003/1xxx/CVE-2003-1426.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" - }, - { - "name" : "6885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6885" - }, - { - "name" : "cpanel-scriptfilename-gain-privileges(11357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6885" + }, + { + "name": "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" + }, + { + "name": "cpanel-scriptfilename-gain-privileges(11357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0783.json b/2012/0xxx/CVE-2012-0783.json index 89a6082f955..2495f2c5349 100644 --- a/2012/0xxx/CVE-2012-0783.json +++ b/2012/0xxx/CVE-2012-0783.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0783", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0783", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0925.json b/2012/0xxx/CVE-2012-0925.json index d9c880ebfd4..877e0341161 100644 --- a/2012/0xxx/CVE-2012-0925.json +++ b/2012/0xxx/CVE-2012-0925.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/02062012_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/02062012_player/en/" - }, - { - "name" : "51887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51887" - }, - { - "name" : "78914", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78914" - }, - { - "name" : "47896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47896" - }, - { - "name" : "realplayer-rv40-code-exec(73021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47896" + }, + { + "name": "realplayer-rv40-code-exec(73021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73021" + }, + { + "name": "http://service.real.com/realplayer/security/02062012_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/02062012_player/en/" + }, + { + "name": "51887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51887" + }, + { + "name": "78914", + "refsource": "OSVDB", + "url": "http://osvdb.org/78914" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1423.json b/2012/1xxx/CVE-2012-1423.json index 1a96899c3f3..d0875256f3b 100644 --- a/2012/1xxx/CVE-2012-1423.json +++ b/2012/1xxx/CVE-2012-1423.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "80393", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80393" - }, - { - "name" : "80395", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80395" - }, - { - "name" : "80396", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80396" - }, - { - "name" : "80406", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80406" - }, - { - "name" : "80407", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80407" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80406", + "refsource": "OSVDB", + "url": "http://osvdb.org/80406" + }, + { + "name": "80393", + "refsource": "OSVDB", + "url": "http://osvdb.org/80393" + }, + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "80396", + "refsource": "OSVDB", + "url": "http://osvdb.org/80396" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "80407", + "refsource": "OSVDB", + "url": "http://osvdb.org/80407" + }, + { + "name": "80395", + "refsource": "OSVDB", + "url": "http://osvdb.org/80395" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1601.json b/2012/1xxx/CVE-2012-1601.json index 74f39973e40..078f07327bb 100644 --- a/2012/1xxx/CVE-2012-1601.json +++ b/2012/1xxx/CVE-2012-1601.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120329 Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/1" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=808199", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=808199" - }, - { - "name" : "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef", - "refsource" : "CONFIRM", - "url" 
: "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef" - }, - { - "name" : "DSA-2469", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2469" - }, - { - "name" : "RHSA-2012:0571", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0571.html" - }, - { - "name" : "RHSA-2012:0676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0676.html" - }, - { - "name" : "SUSE-SU-2012:1679", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "1026897", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026897" - }, - { - "name" : "49928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef" + }, + { + "name": "SUSE-SU-2012:1679", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" + }, + { + "name": "DSA-2469", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2469" + }, + { + "name": "[oss-security] 20120329 Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/30/1" + }, + { + "name": "RHSA-2012:0571", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0571.html" + }, + { + "name": "1026897", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026897" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": "49928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49928" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=808199", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6" + }, + { + "name": "RHSA-2012:0676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1844.json b/2012/1xxx/CVE-2012-1844.json index f2e4ae80d1e..10c736e7233 100644 
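Review bot: The `ASSIGNER` field of CVE-2012-1601.json changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and the change is buried among colon-spacing normalisation and a reordered `reference_data` array under a subject line that only says "-Synchronized-Data."; the CVE-2012-4419.json hunk further down makes the same change. Anyone who diffs this repository to track record ownership or to spot unexpected edits cannot separate this provenance change from formatting noise. I would land the assigner updates in their own commit, or at least name them in the message, e.g. `Update ASSIGNER to secalert@redhat.com for CVE-2012-1601 and CVE-2012-4419`. The references are also reordered with no visible sort key, presumably by the export tool; emitting them in a stable order (for instance by `refsource`, then `name`) would keep later syncs reviewable.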
--- a/2012/1xxx/CVE-2012-1844.json +++ b/2012/1xxx/CVE-2012-1844.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MORO-8QNJLE", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MORO-8QNJLE" - }, - { - "name" : "VU#913483", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/913483" - }, - { - "name" : 
"80372", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80372" - }, - { - "name" : "scalar-default-account(74322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "scalar-default-account(74322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74322" + }, + { + "name": "VU#913483", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/913483" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY" + }, + { + "name": "80372", + "refsource": "OSVDB", + "url": "http://osvdb.org/80372" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MORO-8QNJLE", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MORO-8QNJLE" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4419.json b/2012/4xxx/CVE-2012-4419.json index dff5dce2fd4..c9ed7c45fbe 100644 --- a/2012/4xxx/CVE-2012-4419.json +++ b/2012/4xxx/CVE-2012-4419.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120912 Re: CVE id request: tor", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/09/13/2" - }, - { - "name" : "[tor-talk] 20120905 Tor 0.2.3.21-rc is out", - "refsource" : "MLIST", - "url" : "https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5", 
- "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/6690", - "refsource" : "CONFIRM", - "url" : "https://trac.torproject.org/projects/tor/ticket/6690" - }, - { - "name" : "FEDORA-2012-14638", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html" - }, - { - "name" : "GLSA-201301-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-03.xml" - }, - { - "name" : "openSUSE-SU-2012:1278", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html" - }, - { - "name" : "50583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201301-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-03.xml" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/6690", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/6690" + }, + { + "name": "[oss-security] 20120912 Re: CVE id request: tor", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/09/13/2" + }, + { + "name": "50583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50583" + }, + { + "name": "[tor-talk] 20120905 Tor 0.2.3.21-rc is out", + "refsource": "MLIST", + "url": "https://lists.torproject.org/pipermail/tor-talk/2012-September/025434.html" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes" + }, + { + "name": "FEDORA-2012-14638", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html" + }, + { + "name": "https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5" + }, + { + "name": "openSUSE-SU-2012:1278", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4661.json b/2012/4xxx/CVE-2012-4661.json index c0247d3741d..cffc5d49a7e 100644 --- a/2012/4xxx/CVE-2012-4661.json +++ b/2012/4xxx/CVE-2012-4661.json 
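Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but the change is buried in a whole-file rewrite (colon spacing, indentation, reordered `reference_data` entries, dropped final newline) and the subject "-Synchronized-Data." does not mention it. The same kind of change appears in the hunks for CVE-2012-4661 (`psirt@cisco.com`), CVE-2012-4707 and CVE-2012-4713 (`ics-cert@hq.dhs.gov`) and CVE-2012-5543 (`secalert@redhat.com`), while the other visible records keep their assigner. `ASSIGNER` is the record's provenance field, so I would ship the reformat separately from the data change, or at least name it in the description, e.g. `ASSIGNER updated for CVE-2012-4419, -4661, -4707, -4713, -5543` (presumably a correction to the assigning organisation; the page does not say). Anyone auditing this sync should compare the parsed JSON of the old and new files rather than the text, because every line differs textually even where the data is unchanged.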
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC packet, aka Bug IDs CSCtr21359 and CSCtr27522." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa" - }, - { - "name" : "20121010 Multiple Vulnerabilities in Cisco Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm" - }, - { - "name" : "55863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55863" - }, - { - "name" : "86146", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86146" - }, - { - "name" : "50857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50857" - }, - { - "name" : "cisco-fwsm-dcerpc-bo(79173)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the DCERPC inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.3 before 8.3(2.34), 8.4 before 8.4(4.4), 8.5 before 8.5(1.13), and 8.6 before 8.6(1.3) and the Firewall Services Module (FWSM) 4.1 before 4.1(9) 
in Cisco Catalyst 6500 series switches and 7600 series routers might allow remote attackers to execute arbitrary code via a crafted DCERPC packet, aka Bug IDs CSCtr21359 and CSCtr27522." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55863" + }, + { + "name": "20121010 Multiple Vulnerabilities in Cisco Firewall Services Module", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-fwsm" + }, + { + "name": "50857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50857" + }, + { + "name": "86146", + "refsource": "OSVDB", + "url": "http://osvdb.org/86146" + }, + { + "name": "20121010 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-asa" + }, + { + "name": "cisco-fwsm-dcerpc-bo(79173)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79173" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4707.json b/2012/4xxx/CVE-2012-4707.json index 91240481fd7..bd205010613 100644 --- a/2012/4xxx/CVE-2012-4707.json +++ b/2012/4xxx/CVE-2012-4707.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-4707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-050-01A" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4713.json b/2012/4xxx/CVE-2012-4713.json index 89c71372662..274c8174b7f 100644 --- a/2012/4xxx/CVE-2012-4713.json +++ b/2012/4xxx/CVE-2012-4713.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-4713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf" - }, - { - "name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599", - "refsource" : "CONFIRM", - "url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness error in RNADiagnostics.dll in 
Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf" + }, + { + "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599", + "refsource": "CONFIRM", + "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5046.json b/2012/5xxx/CVE-2012-5046.json index 6ccd5d98c5b..b6c5e7be7e3 100644 --- a/2012/5xxx/CVE-2012-5046.json +++ b/2012/5xxx/CVE-2012-5046.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5543.json b/2012/5xxx/CVE-2012-5543.json index db2d564d41a..f38f072c4e0 100644 --- a/2012/5xxx/CVE-2012-5543.json +++ b/2012/5xxx/CVE-2012-5543.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" - }, - { - "name" : "http://drupal.org/node/1808832", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1808832" - }, - { - "name" : "http://drupalcode.org/project/feeds.git/commitdiff/a538c20", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/feeds.git/commitdiff/a538c20" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, 
when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupalcode.org/project/feeds.git/commitdiff/a538c20", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/feeds.git/commitdiff/a538c20" + }, + { + "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" + }, + { + "name": "http://drupal.org/node/1808832", + "refsource": "MISC", + "url": "http://drupal.org/node/1808832" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2249.json b/2017/2xxx/CVE-2017-2249.json index 100af842ac6..297d5bb4758 100644 --- a/2017/2xxx/CVE-2017-2249.json +++ b/2017/2xxx/CVE-2017-2249.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Self-extracting archive files created by Lhaz+", - "version" : { - "version_data" : [ - { - "version_value" : "version 3.4.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Chitora soft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Self-extracting archive files created by Lhaz+", + "version": { + "version_data": [ + { + "version_value": "version 3.4.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Chitora soft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://chitora.com/jvn21369452.html", - "refsource" : "CONFIRM", - "url" : "http://chitora.com/jvn21369452.html" - }, - { - "name" : "JVN#21369452", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN21369452/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an 
attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#21369452", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN21369452/index.html" + }, + { + "name": "http://chitora.com/jvn21369452.html", + "refsource": "CONFIRM", + "url": "http://chitora.com/jvn21369452.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2511.json b/2017/2xxx/CVE-2017-2511.json index b33e0cce91c..e269b99cfde 100644 --- a/2017/2xxx/CVE-2017-2511.json +++ b/2017/2xxx/CVE-2017-2511.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3129.json b/2017/3xxx/CVE-2017-3129.json index 24b422fc022..222e4ff65d8 100644 --- a/2017/3xxx/CVE-2017-3129.json +++ b/2017/3xxx/CVE-2017-3129.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2017-3129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiWeb", - "version" : { - "version_data" : [ - { - "version_value" : "FortiWeb versions 5.7.1 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Execute unauthorized code or commands" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2017-3129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiWeb", + "version": { + "version_data": [ + { + "version_value": "FortiWeb versions 5.7.1 and below" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-17-076", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-17-076" - }, - { - "name" : "98382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98382" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-17-076", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-17-076" + }, + { + "name": "98382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98382" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3217.json b/2017/3xxx/CVE-2017-3217.json index 9a0d4e991c7..26afe6976ef 100644 --- a/2017/3xxx/CVE-2017-3217.json +++ b/2017/3xxx/CVE-2017-3217.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3217", - "STATE" : "PUBLIC", - "TITLE" : "CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LMU 3030 OBD-II", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "CDMA", - "version_value" : "CDMA" - }, - { - "affected" : "=", - "version_name" : "GSM", - "version_value" : "GSM" - } - ] - } - } - ] - }, - "vendor_name" : "CalAmp" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3217", + "STATE": "PUBLIC", + "TITLE": "CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LMU 3030 OBD-II", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "CDMA", + "version_value": "CDMA" + }, + { + "affected": "=", + "version_name": "GSM", + "version_value": "GSM" + } + ] + } + } + ] + }, + "vendor_name": "CalAmp" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#251927", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/251927" - }, - { - "name" : "98964", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/98964" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98964", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/98964" + }, + { + "name": "VU#251927", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/251927" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3346.json b/2017/3xxx/CVE-2017-3346.json index cbb59ab6048..d03b31ee7e9 100644 --- a/2017/3xxx/CVE-2017-3346.json +++ b/2017/3xxx/CVE-2017-3346.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95500" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3633.json b/2017/3xxx/CVE-2017-3633.json index afbc4cec767..0942e2ec34d 100644 --- a/2017/3xxx/CVE-2017-3633.json +++ b/2017/3xxx/CVE-2017-3633.json 
@@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.36 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.18 and earlier" - } - ] - } - }, - { - "product_name" : "Communications Policy Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.x" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.36 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.18 and earlier" + } + ] + } + }, + { + "product_name": "Communications Policy Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.x" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "99722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99722" - }, - { - "name" : "1038928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "1038928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038928" + }, + { + "name": "99722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99722" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3696.json b/2017/3xxx/CVE-2017-3696.json index f891a280b51..bcb5ff421ab 100644 --- a/2017/3xxx/CVE-2017-3696.json +++ b/2017/3xxx/CVE-2017-3696.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-3696",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-3696",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6089.json b/2017/6xxx/CVE-2017-6089.json
index daca512460e..67d2a05702b 100644
--- a/2017/6xxx/CVE-2017-6089.json
+++ b/2017/6xxx/CVE-2017-6089.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42935", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42935/" - }, - { - "name" : "https://sysdream.com/news/lab/2017-09-29-cve-2017-6089-phpcollab-2-5-1-multiple-sql-injections-unauthenticated/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2017-09-29-cve-2017-6089-phpcollab-2-5-1-multiple-sql-injections-unauthenticated/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to 
execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42935", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42935/" + }, + { + "name": "https://sysdream.com/news/lab/2017-09-29-cve-2017-6089-phpcollab-2-5-1-multiple-sql-injections-unauthenticated/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2017-09-29-cve-2017-6089-phpcollab-2-5-1-multiple-sql-injections-unauthenticated/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6116.json b/2017/6xxx/CVE-2017-6116.json index 125422afc3d..eda8da110a9 100644 --- a/2017/6xxx/CVE-2017-6116.json +++ b/2017/6xxx/CVE-2017-6116.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6116",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6116",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6215.json b/2017/6xxx/CVE-2017-6215.json
index 2b31008c742..feb64570066 100644
--- a/2017/6xxx/CVE-2017-6215.json
+++ b/2017/6xxx/CVE-2017-6215.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/paypal/permissions-sdk-php/issues/19", - "refsource" : "CONFIRM", - "url" : "https://github.com/paypal/permissions-sdk-php/issues/19" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "paypal/permissions-sdk-php is vulnerable to reflected XSS in the samples/GetAccessToken.php verification_code parameter, resulting in code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/paypal/permissions-sdk-php/issues/19", + "refsource": "CONFIRM", + "url": "https://github.com/paypal/permissions-sdk-php/issues/19" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7628.json b/2017/7xxx/CVE-2017-7628.json index 90e923e12e4..00dc0c61a98 100644 --- a/2017/7xxx/CVE-2017-7628.json +++ b/2017/7xxx/CVE-2017-7628.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Smart related articles\" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://extensions.joomla.org/extension/smart-related-articles/", - "refsource" : "MISC", - "url" : "https://extensions.joomla.org/extension/smart-related-articles/" - }, - { - "name" : "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f", - "refsource" : "MISC", - "url" : "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f" - }, - { - "name" : "https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection", - "refsource" : "MISC", - "url" : "https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
\"Smart related articles\" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://extensions.joomla.org/extension/smart-related-articles/", + "refsource": "MISC", + "url": "https://extensions.joomla.org/extension/smart-related-articles/" + }, + { + "name": "https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection", + "refsource": "MISC", + "url": "https://vel.joomla.org/live-vel/1952-smart-related-articles-1-1-sql-injection" + }, + { + "name": "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f", + "refsource": "MISC", + "url": "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10340.json b/2018/10xxx/CVE-2018-10340.json index 2c8d57c90c1..6caa5ae4e47 100644 --- a/2018/10xxx/CVE-2018-10340.json +++ b/2018/10xxx/CVE-2018-10340.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10340",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10340",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10434.json b/2018/10xxx/CVE-2018-10434.json
index f956a1bee7c..6ffe778ee08 100644
--- a/2018/10xxx/CVE-2018-10434.json
+++ b/2018/10xxx/CVE-2018-10434.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10434",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10434",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10700.json b/2018/10xxx/CVE-2018-10700.json
index 6397082220c..8780ad11bd9 100644
--- a/2018/10xxx/CVE-2018-10700.json
+++ b/2018/10xxx/CVE-2018-10700.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10700",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10700",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10703.json b/2018/10xxx/CVE-2018-10703.json
index 2fdbfe40d0e..dcb2bf4678a 100644
--- a/2018/10xxx/CVE-2018-10703.json
+++ b/2018/10xxx/CVE-2018-10703.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10703",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10703",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14164.json b/2018/14xxx/CVE-2018-14164.json
index a4573e5fb09..0821c89e8a7 100644
--- a/2018/14xxx/CVE-2018-14164.json
+++ b/2018/14xxx/CVE-2018-14164.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14164",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14164",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14179.json b/2018/14xxx/CVE-2018-14179.json
index 0257d82730c..a3c008790cf 100644
--- a/2018/14xxx/CVE-2018-14179.json
+++ b/2018/14xxx/CVE-2018-14179.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14179",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14179",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17570.json b/2018/17xxx/CVE-2018-17570.json
index 0a42f9d4c3c..bb3b4f892fb 100644
--- a/2018/17xxx/CVE-2018-17570.json
+++ b/2018/17xxx/CVE-2018-17570.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-515c81af848352583bff286d6224875f", - "refsource" : "MISC", - "url" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-515c81af848352583bff286d6224875f" - }, - { - "name" : "https://github.com/viabtc/viabtc_exchange_server/pull/131", - "refsource" : "MISC", - "url" : "https://github.com/viabtc/viabtc_exchange_server/pull/131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "utils/ut_ws_svr.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/viabtc/viabtc_exchange_server/pull/131", + "refsource": "MISC", + "url": "https://github.com/viabtc/viabtc_exchange_server/pull/131" + }, + { + "name": "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-515c81af848352583bff286d6224875f", + "refsource": "MISC", + "url": "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-515c81af848352583bff286d6224875f" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17738.json b/2018/17xxx/CVE-2018-17738.json index 8f4ca8e5a75..8f0506c571e 100644 --- a/2018/17xxx/CVE-2018-17738.json +++ b/2018/17xxx/CVE-2018-17738.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17738", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17738", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/17xxx/CVE-2018-17761.json b/2018/17xxx/CVE-2018-17761.json
index ec52bec5ada..44d6d5050a3 100644
--- a/2018/17xxx/CVE-2018-17761.json
+++ b/2018/17xxx/CVE-2018-17761.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17761",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17761",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20064.json b/2018/20xxx/CVE-2018-20064.json
index c749086d723..9b19d4b3d40 100644
--- a/2018/20xxx/CVE-2018-20064.json
+++ b/2018/20xxx/CVE-2018-20064.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20064",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20064",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/doorgets/CMS/issues/12",
- "refsource" : "MISC",
- "url" : "https://github.com/doorgets/CMS/issues/12"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/doorgets/CMS/issues/12",
+ "refsource": "MISC",
+ "url": "https://github.com/doorgets/CMS/issues/12"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20449.json b/2018/20xxx/CVE-2018-20449.json
index c7b6c5c40c8..53aea3b255e 100644
--- a/2018/20xxx/CVE-2018-20449.json
+++ b/2018/20xxx/CVE-2018-20449.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20449",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20449",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20704.json b/2018/20xxx/CVE-2018-20704.json
index 709983d0bbb..3e5418f050a 100644
--- a/2018/20xxx/CVE-2018-20704.json
+++ b/2018/20xxx/CVE-2018-20704.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20704",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20704",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9028.json b/2018/9xxx/CVE-2018-9028.json
index ed27dc9bae1..89c69f3b779 100644
--- a/2018/9xxx/CVE-2018-9028.json
+++ b/2018/9xxx/CVE-2018-9028.json
@@ -1,68 +1,68 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "vuln@ca.com",
- "DATE_PUBLIC" : "2018-06-14T00:00:00",
- "ID" : "CVE-2018-9028",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "CA Privileged Access Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2.x"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "CA Technologies"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Weak Cryptography for Passwords"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vuln@ca.com",
+ "DATE_PUBLIC": "2018-06-14T00:00:00",
+ "ID": "CVE-2018-9028",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CA Privileged Access Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.x"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "CA Technologies"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
- "refsource" : "CONFIRM",
- "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
- },
- {
- "name" : "104496",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104496"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Weak Cryptography for Passwords"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "104496",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104496"
+ },
+ {
+ "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
+ "refsource": "CONFIRM",
+ "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9078.json b/2018/9xxx/CVE-2018-9078.json
index 549afad5ef7..1d51755c817 100644
--- a/2018/9xxx/CVE-2018-9078.json
+++ b/2018/9xxx/CVE-2018-9078.json
@@ -1,93 +1,93 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@lenovo.com",
- "ID" : "CVE-2018-9078",
- "STATE" : "PUBLIC",
- "TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Iomega StorCenter",
- "version" : {
- "version_data" : [
- {
- "affected" : "<=",
- "version_name" : "4.1.402.34662",
- "version_value" : "4.1.402.34662"
- }
- ]
- }
- },
- {
- "product_name" : "LenovoEMC",
- "version" : {
- "version_data" : [
- {
- "affected" : "<=",
- "version_name" : "4.1.402.34662",
- "version_value" : "4.1.402.34662"
- }
- ]
- }
- },
- {
- "product_name" : "EZ Media and Backup Center",
- "version" : {
- "version_data" : [
- {
- "affected" : "<=",
- "version_name" : "4.1.402.34662",
- "version_value" : "4.1.402.34662"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Lenovo Group LTD"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "SVG"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@lenovo.com",
+ "ID": "CVE-2018-9078",
+ "STATE": "PUBLIC",
+ "TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Iomega StorCenter",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<=",
+ "version_name": "4.1.402.34662",
+ "version_value": "4.1.402.34662"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "LenovoEMC",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<=",
+ "version_name": "4.1.402.34662",
+ "version_value": "4.1.402.34662"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "EZ Media and Backup Center",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<=",
+ "version_name": "4.1.402.34662",
+ "version_value": "4.1.402.34662"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Lenovo Group LTD"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
- "refsource" : "CONFIRM",
- "url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
- }
- ]
- },
- "source" : {
- "advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
- "discovery" : "UNKNOWN"
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SVG"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
+ "refsource": "CONFIRM",
+ "url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
+ "discovery": "UNKNOWN"
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9286.json b/2018/9xxx/CVE-2018-9286.json
index fa46c6f33fa..f35dcf4f2fe 100644
--- a/2018/9xxx/CVE-2018-9286.json
+++ b/2018/9xxx/CVE-2018-9286.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9286",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9286",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9364.json b/2018/9xxx/CVE-2018-9364.json
index 13466accbfa..3ef3ebaa100 100644
--- a/2018/9xxx/CVE-2018-9364.json
+++ b/2018/9xxx/CVE-2018-9364.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9364",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9364",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9918.json b/2018/9xxx/CVE-2018-9918.json
index a1c5e9b7615..07fdba95575 100644
--- a/2018/9xxx/CVE-2018-9918.json
+++ b/2018/9xxx/CVE-2018-9918.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9918",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "libqpdf.a in QPDF through 8.0.2 mishandles certain \"expected dictionary key but found non-name object\" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9918",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223",
- "refsource" : "MISC",
- "url" : "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
- },
- {
- "name" : "https://github.com/qpdf/qpdf/issues/202",
- "refsource" : "MISC",
- "url" : "https://github.com/qpdf/qpdf/issues/202"
- },
- {
- "name" : "USN-3638-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3638-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "libqpdf.a in QPDF through 8.0.2 mishandles certain \"expected dictionary key but found non-name object\" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3638-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3638-1/"
+ },
+ {
+ "name": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223",
+ "refsource": "MISC",
+ "url": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
+ },
+ {
+ "name": "https://github.com/qpdf/qpdf/issues/202",
+ "refsource": "MISC",
+ "url": "https://github.com/qpdf/qpdf/issues/202"
+ }
+ ]
+ }
+}
\ No newline at end of file