From dda74bcb7b82d3cfee79d9171bb24ce5f3fa419f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:42:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0218.json | 170 +++++++-------- 2002/1xxx/CVE-2002-1087.json | 130 ++++++------ 2002/1xxx/CVE-2002-1318.json | 280 ++++++++++++------------- 2002/1xxx/CVE-2002-1372.json | 210 +++++++++---------- 2002/1xxx/CVE-2002-1440.json | 140 ++++++------- 2002/1xxx/CVE-2002-1726.json | 150 +++++++------- 2003/0xxx/CVE-2003-0260.json | 140 ++++++------- 2003/0xxx/CVE-2003-0505.json | 130 ++++++------ 2003/0xxx/CVE-2003-0877.json | 150 +++++++------- 2003/1xxx/CVE-2003-1354.json | 160 +++++++------- 2003/1xxx/CVE-2003-1357.json | 150 +++++++------- 2003/1xxx/CVE-2003-1541.json | 170 +++++++-------- 2003/1xxx/CVE-2003-1601.json | 34 +-- 2012/0xxx/CVE-2012-0423.json | 34 +-- 2012/0xxx/CVE-2012-0843.json | 34 +-- 2012/0xxx/CVE-2012-0917.json | 160 +++++++------- 2012/1xxx/CVE-2012-1096.json | 34 +-- 2012/1xxx/CVE-2012-1128.json | 270 ++++++++++++------------ 2012/1xxx/CVE-2012-1908.json | 120 +++++------ 2012/1xxx/CVE-2012-1929.json | 180 ++++++++-------- 2012/4xxx/CVE-2012-4007.json | 130 ++++++------ 2012/4xxx/CVE-2012-4067.json | 130 ++++++------ 2012/4xxx/CVE-2012-4274.json | 130 ++++++------ 2012/5xxx/CVE-2012-5169.json | 180 ++++++++-------- 2012/5xxx/CVE-2012-5544.json | 140 ++++++------- 2012/5xxx/CVE-2012-5871.json | 34 +-- 2017/2xxx/CVE-2017-2331.json | 130 ++++++------ 2017/2xxx/CVE-2017-2710.json | 132 ++++++------ 2017/3xxx/CVE-2017-3736.json | 368 ++++++++++++++++----------------- 2017/3xxx/CVE-2017-3850.json | 140 ++++++------- 2017/3xxx/CVE-2017-3933.json | 132 ++++++------ 2017/6xxx/CVE-2017-6382.json | 34 +-- 2017/6xxx/CVE-2017-6447.json | 34 +-- 2017/6xxx/CVE-2017-6589.json | 120 +++++------ 2017/6xxx/CVE-2017-6852.json | 130 ++++++------ 2017/7xxx/CVE-2017-7342.json | 34 +-- 2017/7xxx/CVE-2017-7458.json | 130 ++++++------ 2017/7xxx/CVE-2017-7523.json | 122 +++++------ 2017/7xxx/CVE-2017-7646.json | 120 +++++------ 2017/7xxx/CVE-2017-7699.json | 34 +-- 2018/10xxx/CVE-2018-10207.json | 120 +++++------ 2018/10xxx/CVE-2018-10675.json | 280 ++++++++++++------------- 2018/14xxx/CVE-2018-14708.json | 120 +++++------ 2018/17xxx/CVE-2018-17028.json | 34 +-- 2018/17xxx/CVE-2018-17193.json | 120 +++++------ 2018/17xxx/CVE-2018-17217.json | 120 +++++------ 2018/17xxx/CVE-2018-17290.json | 34 +-- 2018/20xxx/CVE-2018-20055.json | 34 +-- 2018/20xxx/CVE-2018-20133.json | 120 +++++------ 2018/20xxx/CVE-2018-20310.json | 34 +-- 2018/9xxx/CVE-2018-9106.json | 130 ++++++------ 2018/9xxx/CVE-2018-9617.json | 34 +-- 2018/9xxx/CVE-2018-9642.json | 34 +-- 53 files changed, 3232 insertions(+), 3232 deletions(-) diff --git a/2002/0xxx/CVE-2002-0218.json b/2002/0xxx/CVE-2002-0218.json index 9ead968ee50..1dc17579d92 100644 --- a/2002/0xxx/CVE-2002-0218.json +++ b/2002/0xxx/CVE-2002-0218.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020129 sastcpd Buffer Overflow and Format String Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/252891" - }, - { - "name" : "20020129 sastcpd Buffer Overflow and Format String Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html" - }, - { - "name" : "20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/252847" - }, - { - "name" : "http://www.sas.com/service/techsup/unotes/SN/004/004201.html", - "refsource" : "MISC", - "url" : "http://www.sas.com/service/techsup/unotes/SN/004/004201.html" - }, - { - "name" : "3980", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3980" - }, - { - "name" : "sas-sastcpd-spawner-format-string(8018)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8018.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3980", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3980" + }, + { + "name": "http://www.sas.com/service/techsup/unotes/SN/004/004201.html", + "refsource": "MISC", + "url": "http://www.sas.com/service/techsup/unotes/SN/004/004201.html" + }, + { + "name": "20020129 Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/252847" + }, + { + "name": "sas-sastcpd-spawner-format-string(8018)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8018.php" + }, + { + "name": "20020129 sastcpd Buffer Overflow and Format String Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/252891" + }, + { + "name": "20020129 sastcpd Buffer Overflow and Format String Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0032.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1087.json b/2002/1xxx/CVE-2002-1087.json index e388bd24e9f..69ae940c9b0 100644 --- a/2002/1xxx/CVE-2002-1087.json +++ b/2002/1xxx/CVE-2002-1087.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020725 [VulnWatch] ezContents multiple vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" - }, - { - "name" : "20020725 ezContents multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/284229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020725 ezContents multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/284229" + }, + { + "name": "20020725 [VulnWatch] ezContents multiple vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1318.json b/2002/1xxx/CVE-2002-1318.json index f8612ce64ac..d3feaa21a76 100644 --- a/2002/1xxx/CVE-2002-1318.json +++ b/2002/1xxx/CVE-2002-1318.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://us1.samba.org/samba/whatsnew/samba-2.2.7.html", - "refsource" : "CONFIRM", - "url" : "http://us1.samba.org/samba/whatsnew/samba-2.2.7.html" - }, - { - "name" : "CLA-2002:550", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550" - }, - { - "name" : "DSA-200", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-200" - }, - { - "name" : "HPSBUX0212-230", - "refsource" : "HP", - "url" : "http://www.ciac.org/ciac/bulletins/n-023.shtml" - }, - { - "name" : "MDKSA-2002:081", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php" - }, - { - "name" : "RHSA-2002:266", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-266.html" - }, - { - "name" : "20021204-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I" - }, - { - "name" : "53580", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580" - }, - { - "name" : "SuSE-SA:2002:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_045_samba.html" - }, - { - "name" : "20021121 GLSA: samba", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103801986818076&w=2" - }, - { - "name" : "20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103859045302448&w=2" - }, - { - "name" : "VU#958321", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/958321" - }, - { - "name" : "N-019", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-019.shtml" - }, - { - "name" : "N-023", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-023.shtml" - }, - { - "name" : "6210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6210" - }, - { - "name" : "oval:org.mitre.oval:def:1467", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467" - }, - { - "name" : "samba-password-change-bo(10683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1467", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467" + }, + { + "name": "VU#958321", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/958321" + }, + { + "name": "CLA-2002:550", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550" + }, + { + "name": "samba-password-change-bo(10683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10683" + }, + { + "name": "SuSE-SA:2002:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_045_samba.html" + }, + { + "name": "http://us1.samba.org/samba/whatsnew/samba-2.2.7.html", + "refsource": "CONFIRM", + "url": "http://us1.samba.org/samba/whatsnew/samba-2.2.7.html" + }, + { + "name": "20021121 GLSA: samba", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103801986818076&w=2" + }, + { + "name": "DSA-200", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-200" + }, + { + "name": "HPSBUX0212-230", + "refsource": "HP", + "url": "http://www.ciac.org/ciac/bulletins/n-023.shtml" + }, + { + "name": "20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103859045302448&w=2" + }, + { + "name": "N-019", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-019.shtml" + }, + { + "name": "6210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6210" + }, + { + "name": "RHSA-2002:266", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-266.html" + }, + { + "name": "53580", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580" + }, + { + "name": "20021204-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I" + }, + { + "name": "N-023", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-023.shtml" + }, + { + "name": "MDKSA-2002:081", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1372.json b/2002/1xxx/CVE-2002-1372.json index aa60f27acd5..7774826bcae 100644 --- a/2002/1xxx/CVE-2002-1372.json +++ b/2002/1xxx/CVE-2002-1372.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104032149026670&w=2" - }, - { - "name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" - }, - { - "name" : "http://www.idefense.com/advisory/12.19.02.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/12.19.02.txt" - }, - { - "name" : "CLSA-2003:702", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" - }, - { - "name" : "DSA-232", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-232" - }, - { - "name" : "MDKSA-2003:001", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" - }, - { - "name" : "RHSA-2002:295", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html" - }, - { - "name" : "SuSE-SA:2003:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html" - }, - { - "name" : "6440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6440" - }, - { - "name" : "cups-file-descriptor-dos(10912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" + }, + { + "name": "CLSA-2003:702", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" + }, + { + "name": "DSA-232", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-232" + }, + { + "name": "SuSE-SA:2003:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html" + }, + { + "name": "http://www.idefense.com/advisory/12.19.02.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/12.19.02.txt" + }, + { + "name": "RHSA-2002:295", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html" + }, + { + "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2" + }, + { + "name": "MDKSA-2003:001", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" + }, + { + "name": "6440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6440" + }, + { + "name": "cups-file-descriptor-dos(10912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10912" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1440.json b/2002/1xxx/CVE-2002-1440.json index 51ee6c32087..8b245402264 100644 --- a/2002/1xxx/CVE-2002-1440.json +++ b/2002/1xxx/CVE-2002-1440.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1440", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gateway GS-400 server has a default root password of \"0001n\" that can not be changed via the administrative interface, which can allow attackers to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020814 Trivial root compromise in Gateway GS-400 NAS Servers", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html" - }, - { - "name" : "gateway-gs400-default-password(9864)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9864.php" - }, - { - "name" : "5472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gateway GS-400 server has a default root password of \"0001n\" that can not be changed via the administrative interface, which can allow attackers to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5472" + }, + { + "name": "20020814 Trivial root compromise in Gateway GS-400 NAS Servers", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html" + }, + { + "name": "gateway-gs400-default-password(9864)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9864.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1726.json b/2002/1xxx/CVE-2002-1726.json index 7706adbc2e4..1f3c4a65d15 100644 --- a/2002/1xxx/CVE-2002-1726.json +++ b/2002/1xxx/CVE-2002-1726.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/270970" - }, - { - "name" : "http://www.ifrance.com/kitetoua/tuto/5holes4.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/5holes4.txt" - }, - { - "name" : "photodb-admin-access(9002)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9002" - }, - { - "name" : "4669", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authentication via a URL with a large Time parameter, non-empty rmtusername and rmtpassword parameter, and an accesslevel parameter that is lower than the access level of the requested page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/270970" + }, + { + "name": "photodb-admin-access(9002)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9002" + }, + { + "name": "4669", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4669" + }, + { + "name": "http://www.ifrance.com/kitetoua/tuto/5holes4.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/5holes4.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0260.json b/2003/0xxx/CVE-2003-0260.json index 0e1c2e12e6b..5ed632e54eb 100644 --- a/2003/0xxx/CVE-2003-0260.json +++ b/2003/0xxx/CVE-2003-0260.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml" - }, - { - "name" : "VU#221164", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/221164" - }, - { - "name" : "cisco-vpn-icmp-dos(11956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-vpn-icmp-dos(11956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11956" + }, + { + "name": "VU#221164", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/221164" + }, + { + "name": "20030507 Cisco VPN 3000 Concentrator Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0505.json b/2003/0xxx/CVE-2003-0505.json index 3fd917770db..3de3d0febf5 100644 --- a/2003/0xxx/CVE-2003-0505.json +++ b/2003/0xxx/CVE-2003-0505.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via \"..\\..\" (dot dot) sequences in a file transfer request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105716650021546&w=2" - }, - { - "name" : "7931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7931" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via \"..\\..\" (dot dot) sequences in a file transfer request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7931" + }, + { + "name": "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105716650021546&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0877.json b/2003/0xxx/CVE-2003-0877.json index 2224bb8a9f3..f414380c36c 100644 --- a/2003/0xxx/CVE-2003-0877.json +++ b/2003/0xxx/CVE-2003-0877.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A102803-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a102803-1.txt" - }, - { - "name" : "8914", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8914" - }, - { - "name" : "8917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8917" - }, - { - "name" : "macos-core-files-symlink(13542)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macos-core-files-symlink(13542)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13542" + }, + { + "name": "8917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8917" + }, + { + "name": "A102803-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a102803-1.txt" + }, + { + "name": "8914", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8914" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1354.json b/2003/1xxx/CVE-2003-1354.json index c803fb29e41..8c2c47c2bcd 100644 --- a/2003/1xxx/CVE-2003-1354.json +++ b/2003/1xxx/CVE-2003-1354.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030122 PivX Multi-Vendor Game Server dDoS Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2003/Jan/0178.html" - }, - { - "name" : "http://www.pivx.com/kristovich/adv/mk001/", - "refsource" : "MISC", - "url" : "http://www.pivx.com/kristovich/adv/mk001/" - }, - { - "name" : "http://www.securiteam.com/securitynews/5EP0O0K8UO.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5EP0O0K8UO.html" - }, - { - "name" : "6636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6636" - }, - { - "name" : "battlefield-udp-query-dos(11084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/securitynews/5EP0O0K8UO.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5EP0O0K8UO.html" + }, + { + "name": "battlefield-udp-query-dos(11084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11084" + }, + { + "name": "6636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6636" + }, + { + "name": "20030122 PivX Multi-Vendor Game Server dDoS Advisory", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2003/Jan/0178.html" + }, + { + "name": "http://www.pivx.com/kristovich/adv/mk001/", + "refsource": "MISC", + "url": "http://www.pivx.com/kristovich/adv/mk001/" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1357.json b/2003/1xxx/CVE-2003-1357.json index d26c25b2969..79888d72606 100644 --- a/2003/1xxx/CVE-2003-1357.json +++ b/2003/1xxx/CVE-2003-1357.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030128 ProxyView default undocumented password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/308733" - }, - { - "name" : "6708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6708" - }, - { - "name" : "3228", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3228" - }, - { - "name" : "proxyview-administrator-default-password(11185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "proxyview-administrator-default-password(11185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11185" + }, + { + "name": "3228", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3228" + }, + { + "name": "6708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6708" + }, + { + "name": "20030128 ProxyView default undocumented password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/308733" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1541.json b/2003/1xxx/CVE-2003-1541.json index 7c00877273c..3092713bcf4 100644 --- a/2003/1xxx/CVE-2003-1541.json +++ b/2003/1xxx/CVE-2003-1541.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030321 Guestbook tr3.a", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/315895/30/25400/threaded" - }, - { - "name" : "7167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7167" - }, - { - "name" : "1006360", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006360" - }, - { - "name" : "8392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8392" - }, - { - "name" : "3653", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3653" - }, - { - "name" : "guestbooktr3a-plaintext-password-disclosure(11609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "guestbooktr3a-plaintext-password-disclosure(11609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11609" + }, + { + "name": "1006360", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006360" + }, + { + "name": "3653", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3653" + }, + { + "name": "7167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7167" + }, + { + "name": "20030321 Guestbook tr3.a", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/315895/30/25400/threaded" + }, + { + "name": "8392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8392" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1601.json b/2003/1xxx/CVE-2003-1601.json index eaed00cd5b4..8895f1c427e 100644 --- a/2003/1xxx/CVE-2003-1601.json +++ b/2003/1xxx/CVE-2003-1601.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1601", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1601", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0423.json b/2012/0xxx/CVE-2012-0423.json index 4eb04b43a0d..ac8a9e1f2c7 100644 --- a/2012/0xxx/CVE-2012-0423.json +++ b/2012/0xxx/CVE-2012-0423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0843.json b/2012/0xxx/CVE-2012-0843.json index 83f1b6393ab..2ea5c1f95c0 100644 --- a/2012/0xxx/CVE-2012-0843.json +++ b/2012/0xxx/CVE-2012-0843.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0843", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0843", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0917.json b/2012/0xxx/CVE-2012-0917.json index b6f0b91a84d..056c420a5b1 100644 --- a/2012/0xxx/CVE-2012-0917.json +++ b/2012/0xxx/CVE-2012-0917.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html" - }, - { - "name" : "51340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51340" - }, - { - "name" : "78221", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78221" - }, - { - "name" : "47467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47467" - }, - { - "name" : "hitachi-it-unspecified-xss(72248)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47467" + }, + { + "name": "78221", + "refsource": "OSVDB", + "url": "http://osvdb.org/78221" + }, + { + "name": "51340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51340" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html" + }, + { + "name": "hitachi-it-unspecified-xss(72248)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72248" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1096.json b/2012/1xxx/CVE-2012-1096.json index 182eba78276..5aa5bbe4b3b 100644 --- a/2012/1xxx/CVE-2012-1096.json +++ b/2012/1xxx/CVE-2012-1096.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1096", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1096", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1128.json b/2012/1xxx/CVE-2012-1128.json index cdf7893c4b8..237c961c7c7 100644 --- a/2012/1xxx/CVE-2012-1128.json +++ b/2012/1xxx/CVE-2012-1128.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/16" - }, - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=800584", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=800584" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201204-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-04.xml" - }, - { - "name" : "MDVSA-2012:057", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" - }, - { - "name" : "SUSE-SU-2012:0484", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" - }, - { - "name" : "USN-1403-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1403-1" - }, - { - "name" : "52318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52318" - }, - { - "name" : "1026765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026765" - }, - { - "name" : "48822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48822" - }, - { - "name" : "48973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48973" - }, - { - "name" : "48508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48508" + }, + { + "name": "48822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48822" + }, + { + "name": "MDVSA-2012:057", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "52318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52318" + }, + { + "name": "USN-1403-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1403-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" + }, + { + "name": "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/16" + }, + { + "name": "SUSE-SU-2012:0484", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" + }, + { + "name": "48973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48973" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=800584", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800584" + }, + { + "name": "1026765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026765" + }, + { + "name": "openSUSE-SU-2012:0489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" + }, + { + "name": "GLSA-201204-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1908.json b/2012/1xxx/CVE-2012-1908.json index fa57e084986..c5697fa8e1e 100644 --- a/2012/1xxx/CVE-2012-1908.json +++ b/2012/1xxx/CVE-2012-1908.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAGTK#38585", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAGTK#38585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAGTK#38585", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAGTK#38585" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1929.json b/2012/1xxx/CVE-2012-1929.json index 1038d64a848..232c4475fdd 100644 --- a/2012/1xxx/CVE-2012-1929.json +++ b/2012/1xxx/CVE-2012-1929.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1162/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1009/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1009/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1162/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1013/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1013/" - }, - { - "name" : "openSUSE-SU-2012:0610", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" - }, - { - "name" : "48535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48535" - }, - { - "name" : "opera-dialogs-spoofing(74352)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/mac/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1162/" + }, + { + "name": "http://www.opera.com/support/kb/view/1013/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1013/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1162/" + }, + { + "name": "openSUSE-SU-2012:0610", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" + }, + { + "name": "http://www.opera.com/support/kb/view/1009/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1009/" + }, + { + "name": "48535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48535" + }, + { + "name": "opera-dialogs-spoofing(74352)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74352" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4007.json b/2012/4xxx/CVE-2012-4007.json index 9d3c08d7340..0344ca5d6b3 100644 --- a/2012/4xxx/CVE-2012-4007.json +++ b/2012/4xxx/CVE-2012-4007.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#92038939", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN92038939/index.html" - }, - { - "name" : "JVNDB-2012-000078", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000078", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000078" + }, + { + "name": "JVN#92038939", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN92038939/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4067.json b/2012/4xxx/CVE-2012-4067.json index 7b5b247f4c3..ff22c7e3aeb 100644 --- a/2012/4xxx/CVE-2012-4067.json +++ b/2012/4xxx/CVE-2012-4067.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eucalyptus.com/resources/security/advisories/esa-09", - "refsource" : "CONFIRM", - "url" : "http://www.eucalyptus.com/resources/security/advisories/esa-09" - }, - { - "name" : "https://eucalyptus.atlassian.net/browse/EUCA-5277", - "refsource" : "CONFIRM", - "url" : "https://eucalyptus.atlassian.net/browse/EUCA-5277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://eucalyptus.atlassian.net/browse/EUCA-5277", + "refsource": "CONFIRM", + "url": "https://eucalyptus.atlassian.net/browse/EUCA-5277" + }, + { + "name": "http://www.eucalyptus.com/resources/security/advisories/esa-09", + "refsource": "CONFIRM", + "url": "http://www.eucalyptus.com/resources/security/advisories/esa-09" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4274.json b/2012/4xxx/CVE-2012-4274.json index cb2248dec16..fd3d906f4fb 100644 --- a/2012/4xxx/CVE-2012-4274.json +++ b/2012/4xxx/CVE-2012-4274.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html" - }, - { - "name" : "49158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49158" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5169.json b/2012/5xxx/CVE-2012-5169.json index 6735cadbd22..7a6afac8d56 100644 --- a/2012/5xxx/CVE-2012-5169.json +++ b/2012/5xxx/CVE-2012-5169.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121017 Multiple vulnerabilities in AContent", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23117", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23117" - }, - { - "name" : "http://update.atutor.ca/acontent/patch/1_2/", - "refsource" : "CONFIRM", - "url" : "http://update.atutor.ca/acontent/patch/1_2/" - }, - { - "name" : "56100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56100" - }, - { - "name" : "86426", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86426" - }, - { - "name" : "51034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51034" - }, - { - "name" : "acontent-previewtop-xss(79463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56100" + }, + { + "name": "20121017 Multiple vulnerabilities in AContent", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html" + }, + { + "name": "http://update.atutor.ca/acontent/patch/1_2/", + "refsource": "CONFIRM", + "url": "http://update.atutor.ca/acontent/patch/1_2/" + }, + { + "name": "acontent-previewtop-xss(79463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79463" + }, + { + "name": "86426", + "refsource": "OSVDB", + "url": "http://osvdb.org/86426" + }, + { + "name": "51034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51034" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23117", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23117" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5544.json b/2012/5xxx/CVE-2012-5544.json index fe9d04642b4..4d4954e42f3 100644 --- a/2012/5xxx/CVE-2012-5544.json +++ b/2012/5xxx/CVE-2012-5544.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" - }, - { - "name" : "http://drupal.org/node/1808846", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1808846" - }, - { - "name" : "http://drupal.org/node/1807894", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1807894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1808846", + "refsource": "MISC", + "url": "http://drupal.org/node/1808846" + }, + { + "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" + }, + { + "name": "http://drupal.org/node/1807894", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1807894" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5871.json b/2012/5xxx/CVE-2012-5871.json index 20f02165c2f..3f53bf9625c 100644 --- a/2012/5xxx/CVE-2012-5871.json +++ b/2012/5xxx/CVE-2012-5871.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5871", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5871", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2331.json b/2017/2xxx/CVE-2017-2331.json index 6c9aefcdfec..e83461706cf 100644 --- a/2017/2xxx/CVE-2017-2331.json +++ b/2017/2xxx/CVE-2017-2331.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NorthStar Controller Application", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.1.0 Service Pack 1" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "firewall bypass" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NorthStar Controller Application", + "version": { + "version_data": [ + { + "version_value": "prior to version 2.1.0 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10783", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10783" - }, - { - "name" : "97619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and denials of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "firewall bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10783", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10783" + }, + { + "name": "97619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97619" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2710.json b/2017/2xxx/CVE-2017-2710.json index 449197c9f21..185f980893a 100644 --- a/2017/2xxx/CVE-2017-2710.json +++ b/2017/2xxx/CVE-2017-2710.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Beethoven-W09A, CRR-L09", - "version" : { - "version_data" : [ - { - "version_value" : "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions," - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "FRP Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Beethoven-W09A, CRR-L09", + "version": { + "version_data": [ + { + "version_value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029,Earlier than BTV-W09C100B006CUSTC100D002 versions,Earlier than BTV-W09C128B003CUSTC128D002 versions,Earlier than BTV-W09C199B002CUSTC199D002 versions,Earlier than BTV-W09C209B005CUSTC209D001 versions,Earlier than BTV-W09C331B002CUSTC331D001 versions,Earlier than CRR-L09C432B390 versions,Earlier than CRR-L09C605B355CUSTC605D003 versions," + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en" - }, - { - "name" : "98712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "FRP Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170524-01-frp-en" + }, + { + "name": "98712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98712" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3736.json b/2017/3xxx/CVE-2017-3736.json index 038040a2662..5323fe19acf 100644 --- a/2017/3xxx/CVE-2017-3736.json +++ b/2017/3xxx/CVE-2017-3736.json @@ -1,186 +1,186 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2017-11-02T00:00:00", - "ID" : "CVE-2017-3736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.0 - 1.1.0f" - }, - { - "version_value" : "1.0.2 - 1.0.2l" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "carry-propagating bug" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2017-11-02T00:00:00", + "ID": "CVE-2017-3736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "1.1.0 - 1.1.0f" + }, + { + "version_value": "1.0.2 - 1.0.2l" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871", - "refsource" : "MISC", - "url" : "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871" - }, - { - "name" : "https://www.openssl.org/news/secadv/20171102.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20171102.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171107-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171107-0002/" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-14", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-14" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-15", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-15" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "DSA-4017", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4017" - }, - { - "name" : "DSA-4018", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4018" - }, - { - "name" : "FreeBSD-SA-17:11", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc" - }, - { - "name" : "GLSA-201712-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-03" - }, - { - "name" : "RHSA-2018:0998", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0998" - }, - { - "name" : "RHSA-2018:2185", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2185" - }, - { - "name" : "RHSA-2018:2186", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2186" - }, - { - "name" : "RHSA-2018:2187", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2187" - }, - { - "name" : "RHSA-2018:2568", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2568" - }, - { - "name" : "RHSA-2018:2575", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2575" - }, - { - "name" : "RHSA-2018:2713", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2713" - }, - { - "name" : "101666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101666" - }, - { - "name" : "1039727", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "carry-propagating bug" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171107-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171107-0002/" + }, + { + "name": "RHSA-2018:2185", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2185" + }, + { + "name": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871", + "refsource": "MISC", + "url": "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871" + }, + { + "name": "RHSA-2018:2186", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2186" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "RHSA-2018:2713", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2713" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "DSA-4018", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4018" + }, + { + "name": "GLSA-201712-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-03" + }, + { + "name": "RHSA-2018:0998", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0998" + }, + { + "name": "RHSA-2018:2575", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2575" + }, + { + "name": "https://www.tenable.com/security/tns-2017-15", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-15" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "101666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101666" + }, + { + "name": "RHSA-2018:2568", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2568" + }, + { + "name": "https://www.openssl.org/news/secadv/20171102.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20171102.txt" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "DSA-4017", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4017" + }, + { + "name": "https://www.tenable.com/security/tns-2017-14", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-14" + }, + { + "name": "FreeBSD-SA-17:11", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:11.openssl.asc" + }, + { + "name": "1039727", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039727" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03881en_us" + }, + { + "name": "RHSA-2018:2187", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2187" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3850.json b/2017/3xxx/CVE-2017-3850.json index 010fdec8f4f..fef603ab4f2 100644 --- a/2017/3xxx/CVE-2017-3850.json +++ b/2017/3xxx/CVE-2017-3850.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20 Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6" - }, - { - "name" : "96971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96971" - }, - { - "name" : "1038065", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6" + }, + { + "name": "1038065", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038065" + }, + { + "name": "96971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96971" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3933.json b/2017/3xxx/CVE-2017-3933.json index 0e462b50e11..290bde494f0 100644 --- a/2017/3xxx/CVE-2017-3933.json +++ b/2017/3xxx/CVE-2017-3933.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-09-14T00:00:00", - "ID" : "CVE-2017-3933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Data Loss Prevention", - "version" : { - "version_data" : [ - { - "version_value" : "9.3.X" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Embedding Script (XSS) in HTTP Headers vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-09-14T00:00:00", + "ID": "CVE-2017-3933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Data Loss Prevention", + "version": { + "version_data": [ + { + "version_value": "9.3.X" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" - }, - { - "name" : "101628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Embedding Script (XSS) in HTTP Headers vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101628" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10198" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6382.json b/2017/6xxx/CVE-2017-6382.json index c2da1cec51d..cce5fdc1510 100644 --- a/2017/6xxx/CVE-2017-6382.json +++ b/2017/6xxx/CVE-2017-6382.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6382", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6382", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6447.json b/2017/6xxx/CVE-2017-6447.json index 0fcd764287d..39005b72d00 100644 --- a/2017/6xxx/CVE-2017-6447.json +++ b/2017/6xxx/CVE-2017-6447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6447", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6447", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6589.json b/2017/6xxx/CVE-2017-6589.json index f815be952c5..b9910346840 100644 --- a/2017/6xxx/CVE-2017-6589.json +++ b/2017/6xxx/CVE-2017-6589.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bad.code.blog/2017/03/09/epiceditor-cross-site-scripting/", - "refsource" : "MISC", - "url" : "https://bad.code.blog/2017/03/09/epiceditor-cross-site-scripting/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bad.code.blog/2017/03/09/epiceditor-cross-site-scripting/", + "refsource": "MISC", + "url": "https://bad.code.blog/2017/03/09/epiceditor-cross-site-scripting/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6852.json b/2017/6xxx/CVE-2017-6852.json index d99d0bc7e4a..ca457909242 100644 --- a/2017/6xxx/CVE-2017-6852.json +++ b/2017/6xxx/CVE-2017-6852.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c/" - }, - { - "name" : "https://github.com/mdadams/jasper/issues/114", - "refsource" : "MISC", - "url" : "https://github.com/mdadams/jasper/issues/114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/01/25/jasper-heap-based-buffer-overflow-in-jpc_dec_decodepkt-jpc_t2dec-c/" + }, + { + "name": "https://github.com/mdadams/jasper/issues/114", + "refsource": "MISC", + "url": "https://github.com/mdadams/jasper/issues/114" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7342.json b/2017/7xxx/CVE-2017-7342.json index 1a9e0eae400..c957304f796 100644 --- a/2017/7xxx/CVE-2017-7342.json +++ b/2017/7xxx/CVE-2017-7342.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7458.json b/2017/7xxx/CVE-2017-7458.json index 88039e4ff85..52709906ccb 100644 --- a/2017/7xxx/CVE-2017-7458.json +++ b/2017/7xxx/CVE-2017-7458.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md", - "refsource" : "MISC", - "url" : "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md" - }, - { - "name" : "https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f", - "refsource" : "MISC", - "url" : "https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f", + "refsource": "MISC", + "url": "https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f" + }, + { + "name": "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md", + "refsource": "MISC", + "url": "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7523.json b/2017/7xxx/CVE-2017-7523.json index c6903d72682..4aa26b6945f 100644 --- a/2017/7xxx/CVE-2017-7523.json +++ b/2017/7xxx/CVE-2017-7523.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-05-10T00:00:00", - "ID" : "CVE-2017-7523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cygwin", - "version" : { - "version_data" : [ - { - "version_value" : "since 1.7.2 up to 2.8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-05-10T00:00:00", + "ID": "CVE-2017-7523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cygwin", + "version": { + "version_data": [ + { + "version_value": "since 1.7.2 up to 2.8.0" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cygwin.com/ml/cygwin/2017-05/msg00149.html", - "refsource" : "MISC", - "url" : "https://cygwin.com/ml/cygwin/2017-05/msg00149.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cygwin.com/ml/cygwin/2017-05/msg00149.html", + "refsource": "MISC", + "url": "https://cygwin.com/ml/cygwin/2017-05/msg00149.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7646.json b/2017/7xxx/CVE-2017-7646.json index 790e9b9af94..487963655ef 100644 --- a/2017/7xxx/CVE-2017-7646.json +++ b/2017/7xxx/CVE-2017-7646.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://thwack.solarwinds.com/thread/111223", - "refsource" : "CONFIRM", - "url" : "https://thwack.solarwinds.com/thread/111223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://thwack.solarwinds.com/thread/111223", + "refsource": "CONFIRM", + "url": "https://thwack.solarwinds.com/thread/111223" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7699.json b/2017/7xxx/CVE-2017-7699.json index dd0c1160611..88abfeabe89 100644 --- a/2017/7xxx/CVE-2017-7699.json +++ b/2017/7xxx/CVE-2017-7699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10207.json b/2018/10xxx/CVE-2018-10207.json index 6b80cd7fdaa..217877b9b74 100644 --- a/2018/10xxx/CVE-2018-10207.json +++ b/2018/10xxx/CVE-2018-10207.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10207/", - "refsource" : "MISC", - "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10207/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10207/", + "refsource": "MISC", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10207/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10675.json b/2018/10xxx/CVE-2018-10675.json index d722fd9133c..8487f375115 100644 --- a/2018/10xxx/CVE-2018-10675.json +++ b/2018/10xxx/CVE-2018-10675.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99" - }, - { - "name" : "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9", - "refsource" : "MISC", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "RHSA-2018:2164", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2164" - }, - { - "name" : "RHSA-2018:2384", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2384" - }, - { - "name" : "RHSA-2018:2395", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2395" - }, - { - "name" : "RHSA-2018:2785", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2785" - }, - { - "name" : "RHSA-2018:2791", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2791" - }, - { - "name" : "RHSA-2018:2924", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2924" - }, - { - "name" : "RHSA-2018:2925", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2925" - }, - { - "name" : "RHSA-2018:2933", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2933" - }, - { - "name" : "RHSA-2018:3540", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3540" - }, - { - "name" : "RHSA-2018:3586", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3586" - }, - { - "name" : "RHSA-2018:3590", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3590" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "104093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3540", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3540" + }, + { + "name": "RHSA-2018:2785", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2785" + }, + { + "name": "RHSA-2018:2164", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2164" + }, + { + "name": "RHSA-2018:2925", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2925" + }, + { + "name": "RHSA-2018:2933", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2933" + }, + { + "name": "RHSA-2018:2395", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2395" + }, + { + "name": "RHSA-2018:2384", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2384" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "RHSA-2018:3590", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3590" + }, + { + "name": "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99" + }, + { + "name": "104093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104093" + }, + { + "name": "RHSA-2018:2924", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2924" + }, + { + "name": "RHSA-2018:3586", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3586" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9", + "refsource": "MISC", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9" + }, + { + "name": "RHSA-2018:2791", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2791" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14708.json b/2018/14xxx/CVE-2018-14708.json index a28ee5068e7..98deb015b91 100644 --- a/2018/14xxx/CVE-2018-14708.json +++ b/2018/14xxx/CVE-2018-14708.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17028.json b/2018/17xxx/CVE-2018-17028.json index bf8aa0b8dcc..4ef8263241e 100644 --- a/2018/17xxx/CVE-2018-17028.json +++ b/2018/17xxx/CVE-2018-17028.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17028", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17028", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17193.json b/2018/17xxx/CVE-2018-17193.json index e2c8fa85ebc..fba813be17c 100644 --- a/2018/17xxx/CVE-2018-17193.json +++ b/2018/17xxx/CVE-2018-17193.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2018-17193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache NiFi", - "version" : { - "version_data" : [ - { - "version_value" : "Apache NiFi 1.0.0 - 1.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2018-17193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 1.0.0 - 1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nifi.apache.org/security.html#CVE-2018-17193", - "refsource" : "CONFIRM", - "url" : "https://nifi.apache.org/security.html#CVE-2018-17193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nifi.apache.org/security.html#CVE-2018-17193", + "refsource": "CONFIRM", + "url": "https://nifi.apache.org/security.html#CVE-2018-17193" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17217.json b/2018/17xxx/CVE-2018-17217.json index 244ab726df4..d10dbb18d53 100644 --- a/2018/17xxx/CVE-2018-17217.json +++ b/2018/17xxx/CVE-2018-17217.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ptc.com/en/support/article?n=CS291004", - "refsource" : "CONFIRM", - "url" : "https://www.ptc.com/en/support/article?n=CS291004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ptc.com/en/support/article?n=CS291004", + "refsource": "CONFIRM", + "url": "https://www.ptc.com/en/support/article?n=CS291004" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17290.json b/2018/17xxx/CVE-2018-17290.json index 6fe5c778519..1523a5b0a4a 100644 --- a/2018/17xxx/CVE-2018-17290.json +++ b/2018/17xxx/CVE-2018-17290.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17290", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17290", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20055.json b/2018/20xxx/CVE-2018-20055.json index af6a0be4bcf..6dd7c49b566 100644 --- a/2018/20xxx/CVE-2018-20055.json +++ b/2018/20xxx/CVE-2018-20055.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20055", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20055", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20133.json b/2018/20xxx/CVE-2018-20133.json index 76e3aaa98f4..23050d2609b 100644 --- a/2018/20xxx/CVE-2018-20133.json +++ b/2018/20xxx/CVE-2018-20133.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ymlref allows code injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dexter2206/ymlref/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/dexter2206/ymlref/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ymlref allows code injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dexter2206/ymlref/issues/2", + "refsource": "MISC", + "url": "https://github.com/dexter2206/ymlref/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20310.json b/2018/20xxx/CVE-2018-20310.json index 7f34595377e..d04702d2b1d 100644 --- a/2018/20xxx/CVE-2018-20310.json +++ b/2018/20xxx/CVE-2018-20310.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20310", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20310", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9106.json b/2018/9xxx/CVE-2018-9106.json index 117385de1c4..179e18a0228 100644 --- a/2018/9xxx/CVE-2018-9106.json +++ b/2018/9xxx/CVE-2018-9106.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44370", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44370/" - }, - { - "name" : "https://www.acyba.com/acysms/change-log.html", - "refsource" : "MISC", - "url" : "https://www.acyba.com/acysms/change-log.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44370", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44370/" + }, + { + "name": "https://www.acyba.com/acysms/change-log.html", + "refsource": "MISC", + "url": "https://www.acyba.com/acysms/change-log.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9617.json b/2018/9xxx/CVE-2018-9617.json index 473fe3d4271..cb2141bc658 100644 --- a/2018/9xxx/CVE-2018-9617.json +++ b/2018/9xxx/CVE-2018-9617.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9617", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9617", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9642.json b/2018/9xxx/CVE-2018-9642.json index 1fc59652bc7..84a2176711d 100644 --- a/2018/9xxx/CVE-2018-9642.json +++ b/2018/9xxx/CVE-2018-9642.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9642", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9642", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file