diff --git a/2002/1xxx/CVE-2002-1222.json b/2002/1xxx/CVE-2002-1222.json index 2903e202d30..701cef1fb97 100644 --- a/2002/1xxx/CVE-2002-1222.json +++ b/2002/1xxx/CVE-2002-1222.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml" - }, - { - "name" : "cisco-catalyst-ciscoview-bo(10382)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10382.php" - }, - { - "name" : "5976", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml" + }, + { + "name": "cisco-catalyst-ciscoview-bo(10382)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10382.php" + }, + { + "name": "5976", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5976" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1286.json b/2002/1xxx/CVE-2002-1286.json index 49a58f2c41a..253afcc9072 100644 --- a/2002/1xxx/CVE-2002-1286.json +++ b/2002/1xxx/CVE-2002-1286.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021108 Technical information about unpatched MS Java vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103682630823080&w=2" - }, - { - "name" : "20021108 Technical information about unpatched MS Java vulnerabilities", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=103684360031565&w=2" - }, - { - "name" : "VU#657625", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/657625" - }, - { - "name" : "6142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6142" - }, - { - "name" : "msvm-java-applet-redirect(10579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#657625", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/657625" + }, + { + "name": "20021108 Technical information about unpatched MS Java vulnerabilities", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=103684360031565&w=2" + }, + { + "name": "6142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6142" + }, + { + "name": "msvm-java-applet-redirect(10579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10579" + }, + { + "name": "20021108 Technical information about unpatched MS Java vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103682630823080&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0527.json b/2003/0xxx/CVE-2003-0527.json index fe1d541d1f5..0793fe2c907 100644 --- a/2003/0xxx/CVE-2003-0527.json +++ b/2003/0xxx/CVE-2003-0527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0651.json b/2003/0xxx/CVE-2003-0651.json index 76a03cd3dbe..1d3263c3f9e 100644 --- a/2003/0xxx/CVE-2003-0651.json +++ b/2003/0xxx/CVE-2003-0651.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030728 Remotely exploitable overflow in mod_mylo for Apache", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-07/0355.html" - }, - { - "name" : "8287", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030728 Remotely exploitable overflow in mod_mylo for Apache", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-07/0355.html" + }, + { + "name": "8287", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8287" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0983.json b/2003/0xxx/CVE-2003-0983.json index 7ac06818933..14f11eb9f89 100644 --- a/2003/0xxx/CVE-2003-0983.json +++ b/2003/0xxx/CVE-2003-0983.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a \"bubba\" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031210 Unity Vulnerabilities on IBM-based Servers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a \"bubba\" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031210 Unity Vulnerabilities on IBM-based Servers", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1327.json b/2003/1xxx/CVE-2003-1327.json index ca4c471e725..db567dca5f4 100644 --- a/2003/1xxx/CVE-2003-1327.json +++ b/2003/1xxx/CVE-2003-1327.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030922 Wu_ftpd all versions (not) vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html" - }, - { - "name" : "SSA:2003-259-03", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971" - }, - { - "name" : "8668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8668" - }, - { - "name" : "2594", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2594" - }, - { - "name" : "1007775", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007775" - }, - { - "name" : "9835", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9835" - }, - { - "name" : "wuftp-mailadmin-sockprintf-bo(13269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wuftp-mailadmin-sockprintf-bo(13269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269" + }, + { + "name": "SSA:2003-259-03", + "refsource": "SLACKWARE", + "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971" + }, + { + "name": "1007775", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007775" + }, + { + "name": "8668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8668" + }, + { + "name": "9835", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9835" + }, + { + "name": "2594", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2594" + }, + { + "name": "20030922 Wu_ftpd all versions (not) vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0196.json b/2004/0xxx/CVE-2004-0196.json index 2512dc1b5fa..82e9c45aa12 100644 --- a/2004/0xxx/CVE-2004-0196.json +++ b/2004/0xxx/CVE-2004-0196.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0196", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0196", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0311.json b/2004/0xxx/CVE-2004-0311.json index 73536250e77..83f2ad91655 100644 --- a/2004/0xxx/CVE-2004-0311.json +++ b/2004/0xxx/CVE-2004-0311.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107703696631367&w=2" - }, - { - "name" : "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107721020803565&w=2" - }, - { - "name" : "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129", - "refsource" : "CONFIRM", - "url" : "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129" - }, - { - "name" : "apc-smartslot-default-password(15238)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238" - }, - { - "name" : "9681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9681" + }, + { + "name": "apc-smartslot-default-password(15238)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15238" + }, + { + "name": "20040216 APC 9606 SmartSlot Web/SNMP management card \"backdoor\"", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107703696631367&w=2" + }, + { + "name": "20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card \"backdoor\"", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107721020803565&w=2" + }, + { + "name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129", + "refsource": "CONFIRM", + "url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2115.json b/2004/2xxx/CVE-2004-2115.json index e9d99854ae3..28f5682aeb6 100644 --- a/2004/2xxx/CVE-2004-2115.json +++ b/2004/2xxx/CVE-2004-2115.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040124 Oracle HTTP Server Cross Site Scripting Vulnerabillity", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107496560106967&w=2" - }, - { - "name" : "9484", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9484" - }, - { - "name" : "oraclehttpserver-isqlplus-xss(14930)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oraclehttpserver-isqlplus-xss(14930)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14930" + }, + { + "name": "20040124 Oracle HTTP Server Cross Site Scripting Vulnerabillity", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107496560106967&w=2" + }, + { + "name": "9484", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9484" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2209.json b/2004/2xxx/CVE-2004-2209.json index 9a40f9f6131..7f08704cc18 100644 --- a/2004/2xxx/CVE-2004-2209.json +++ b/2004/2xxx/CVE-2004-2209.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxpatrol.com/advdetails.asp?id=14", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/advdetails.asp?id=14" - }, - { - "name" : "http://www.maxpatrol.com/mp_advisory.asp", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/mp_advisory.asp" - }, - { - "name" : "11424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maxpatrol.com/mp_advisory.asp", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/mp_advisory.asp" + }, + { + "name": "http://www.maxpatrol.com/advdetails.asp?id=14", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/advdetails.asp?id=14" + }, + { + "name": "11424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11424" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2668.json b/2004/2xxx/CVE-2004-2668.json index 2b8ab82c1f1..ea7fa298b27 100644 --- a/2004/2xxx/CVE-2004-2668.json +++ b/2004/2xxx/CVE-2004-2668.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ftp.icdevgroup.org/interchange/4.8/WHATSNEW", - "refsource" : "CONFIRM", - "url" : "http://ftp.icdevgroup.org/interchange/4.8/WHATSNEW" - }, - { - "name" : "7140", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7140", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7140" + }, + { + "name": "http://ftp.icdevgroup.org/interchange/4.8/WHATSNEW", + "refsource": "CONFIRM", + "url": "http://ftp.icdevgroup.org/interchange/4.8/WHATSNEW" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2165.json b/2008/2xxx/CVE-2008-2165.json index 41c3a50adf4..498f1ed43a2 100644 --- a/2008/2xxx/CVE-2008-2165.json +++ b/2008/2xxx/CVE-2008-2165.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080513 Cisco BBSM Captive Portal Cross-site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492043/100/0/threaded" - }, - { - "name" : "20080514 Re: Cisco BBSM Captive Portal Cross-site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492093/100/0/threaded" - }, - { - "name" : "29191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29191" - }, - { - "name" : "ADV-2008-1535", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1535" - }, - { - "name" : "1020018", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020018" - }, - { - "name" : "30222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30222" - }, - { - "name" : "3895", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3895" - }, - { - "name" : "cisco-bbsm-accesscodestart-xss(42395)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080513 Cisco BBSM Captive Portal Cross-site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492043/100/0/threaded" + }, + { + "name": "20080514 Re: Cisco BBSM Captive Portal Cross-site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492093/100/0/threaded" + }, + { + "name": "29191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29191" + }, + { + "name": "30222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30222" + }, + { + "name": "3895", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3895" + }, + { + "name": "ADV-2008-1535", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1535" + }, + { + "name": "cisco-bbsm-accesscodestart-xss(42395)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42395" + }, + { + "name": "1020018", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020018" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2274.json b/2008/2xxx/CVE-2008-2274.json index 6ec383f500c..915baf5a3cb 100644 --- a/2008/2xxx/CVE-2008-2274.json +++ b/2008/2xxx/CVE-2008-2274.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/" - }, - { - "name" : "29239", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29239" - }, - { - "name" : "30275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30275" - }, - { - "name" : "srfeuserregister-unspecified-xss(42443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30275" + }, + { + "name": "29239", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29239" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-1/" + }, + { + "name": "srfeuserregister-unspecified-xss(42443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42443" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2580.json b/2008/2xxx/CVE-2008-2580.json index 6f0d0bc14be..aa46fa0809f 100644 --- a/2008/2xxx/CVE-2008-2580.json +++ b/2008/2xxx/CVE-2008-2580.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020498", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020498" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - }, - { - "name" : "oracle-weblogic-jsp-info-disclosure(43829)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + }, + { + "name": "oracle-weblogic-jsp-info-disclosure(43829)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43829" + }, + { + "name": "1020498", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020498" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2644.json b/2008/2xxx/CVE-2008-2644.json index 711ad670e64..a5a2eb6716e 100644 --- a/2008/2xxx/CVE-2008-2644.json +++ b/2008/2xxx/CVE-2008-2644.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080605 SMEweb 1.4b (SQL/XSS) Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493130/100/0/threaded" - }, - { - "name" : "5725", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5725" - }, - { - "name" : "29496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29496" - }, - { - "name" : "30477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30477" - }, - { - "name" : "smeweb-multiple-scripts-xss(42813)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s parameter to order.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5725", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5725" + }, + { + "name": "smeweb-multiple-scripts-xss(42813)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42813" + }, + { + "name": "30477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30477" + }, + { + "name": "20080605 SMEweb 1.4b (SQL/XSS) Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493130/100/0/threaded" + }, + { + "name": "29496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29496" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0143.json b/2012/0xxx/CVE-2012-0143.json index ea18a7760a4..9dcdec99b9f 100644 --- a/2012/0xxx/CVE-2012-0143.json +++ b/2012/0xxx/CVE-2012-0143.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Memory Corruption Using Various Modified Bytes Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-030", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030" - }, - { - "name" : "TA12-129A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" - }, - { - "name" : "53374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53374" - }, - { - "name" : "oval:org.mitre.oval:def:15064", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15064" - }, - { - "name" : "1027041", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027041" - }, - { - "name" : "49112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel Memory Corruption Using Various Modified Bytes Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027041", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027041" + }, + { + "name": "53374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53374" + }, + { + "name": "MS12-030", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030" + }, + { + "name": "oval:org.mitre.oval:def:15064", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15064" + }, + { + "name": "49112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49112" + }, + { + "name": "TA12-129A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1182.json b/2012/1xxx/CVE-2012-1182.json index 3aefc4e21b1..2d96e731c24 100644 --- a/2012/1xxx/CVE-2012-1182.json +++ b/2012/1xxx/CVE-2012-1182.json @@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.samba.org/samba/security/CVE-2012-1182", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2012-1182" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578", - "refsource" : "CONFIRM", - "url" : "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" - }, - { - "name" : "http://www.samba.org/samba/history/samba-3.6.4.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.6.4.html" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "DSA-2450", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2450" - }, - { - "name" : "FEDORA-2012-6382", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html" - }, - { - "name" : "FEDORA-2012-5793", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html" - }, - { - "name" : "FEDORA-2012-5805", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html" - }, - { - "name" : "FEDORA-2012-5843", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html" - }, - { - "name" : "HPSBUX02789", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134323086902585&w=2" - }, - { - "name" : "SSRT100824", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134323086902585&w=2" - }, - { - "name" : "HPSBMU02790", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951282306605&w=2" - }, - { - "name" : "SSRT100872", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951282306605&w=2" - }, - { - "name" : "MDVSA-2012:055", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:055" - }, - { - "name" : "SUSE-SU-2012:0501", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html" - }, - { - "name" : "SUSE-SU-2012:0502", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html" - }, - { - "name" : "SUSE-SU-2012:0504", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html" - }, - { - "name" : "SUSE-SU-2012:0515", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html" - }, - { - "name" : "USN-1423-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1423-1" - }, - { - "name" : "1026913", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026913" - }, - { - "name" : "48999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48999" - }, - { - "name" : "48844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48844" - }, - { - "name" : "48879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48879" - }, - { - "name" : "48751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48751" - }, - { - "name" : "48754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48754" - }, - { - "name" : "48816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48816" - }, - { - "name" : "48818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48818" - }, - { - "name" : "48873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2012:055", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:055" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.6.4.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.6.4.html" + }, + { + "name": "SUSE-SU-2012:0501", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html" + }, + { + "name": "https://www.samba.org/samba/security/CVE-2012-1182", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2012-1182" + }, + { + "name": "48751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48751" + }, + { + "name": "SUSE-SU-2012:0515", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html" + }, + { + "name": "DSA-2450", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2450" + }, + { + "name": "HPSBUX02789", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134323086902585&w=2" + }, + { + "name": "SUSE-SU-2012:0502", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html" + }, + { + "name": "48844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48844" + }, + { + "name": "USN-1423-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1423-1" + }, + { + "name": "FEDORA-2012-5793", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html" + }, + { + "name": "FEDORA-2012-5805", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html" + }, + { + "name": "48816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48816" + }, + { + "name": "FEDORA-2012-5843", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html" + }, + { + "name": "HPSBMU02790", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951282306605&w=2" + }, + { + "name": "SUSE-SU-2012:0504", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html" + }, + { + "name": "48879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48879" + }, + { + "name": "48754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48754" + }, + { + "name": "FEDORA-2012-6382", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html" + }, + { + "name": "1026913", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026913" + }, + { + "name": "48818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48818" + }, + { + "name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578", + "refsource": "CONFIRM", + "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578" + }, + { + "name": "48999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48999" + }, + { + "name": "SSRT100872", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951282306605&w=2" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "SSRT100824", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134323086902585&w=2" + }, + { + "name": "48873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48873" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1318.json b/2012/1xxx/CVE-2012-1318.json index 7c60da72a2d..db6dcb14b07 100644 --- a/2012/1xxx/CVE-2012-1318.json +++ b/2012/1xxx/CVE-2012-1318.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1318", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1318", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1567.json b/2012/1xxx/CVE-2012-1567.json index a92484eeb0e..ce315cf324b 100644 --- a/2012/1xxx/CVE-2012-1567.json +++ b/2012/1xxx/CVE-2012-1567.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1567", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1567", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1666.json b/2012/1xxx/CVE-2012-1666.json index f3577f02630..d97cbd48e29 100644 --- a/2012/1xxx/CVE-2012-1666.json +++ b/2012/1xxx/CVE-2012-1666.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120904 VMWare Tools susceptible to binary planting by hijack", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html" - }, - { - "name" : "https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120904 VMWare Tools susceptible to binary planting by hijack", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0013.html" + }, + { + "name": "https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1848.json b/2012/1xxx/CVE-2012-1848.json index ea24ee1883b..0db1c85482b 100644 --- a/2012/1xxx/CVE-2012-1848.json +++ b/2012/1xxx/CVE-2012-1848.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka \"Scrollbar Calculation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034" - }, - { - "name" : "TA12-129A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" - }, - { - "name" : "53327", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53327" - }, - { - "name" : "oval:org.mitre.oval:def:15555", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15555" - }, - { - "name" : "1027039", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka \"Scrollbar Calculation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027039", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027039" + }, + { + "name": "53327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53327" + }, + { + "name": "oval:org.mitre.oval:def:15555", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15555" + }, + { + "name": "MS12-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034" + }, + { + "name": "TA12-129A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5303.json b/2012/5xxx/CVE-2012-5303.json index d406fc5d33e..e7588f54deb 100644 --- a/2012/5xxx/CVE-2012-5303.json +++ b/2012/5xxx/CVE-2012-5303.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879" - }, - { - "name" : "55905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrary files via a symlink attack on a PID file, as demonstrated by a pathname different from the default /var/run/monkey.pid pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879" + }, + { + "name": "55905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55905" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672425" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5621.json b/2012/5xxx/CVE-2012-5621.json index 053a4ef3a20..f0a7cb87935 100644 --- a/2012/5xxx/CVE-2012-5621.json +++ b/2012/5xxx/CVE-2012-5621.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121203 Re: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2012/q4/407" - }, - { - "name" : "http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=883058", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=883058" - }, - { - "name" : "https://git.gnome.org/browse/ekiga/commit/?id=7d09807257", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/ekiga/commit/?id=7d09807257" - }, - { - "name" : "FEDORA-2013-2998", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html" - }, - { - "name" : "56790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56790" - }, - { - "name" : "ekiga-utf8-dos(80640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883058", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883058" + }, + { + "name": "FEDORA-2013-2998", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html" + }, + { + "name": "http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news" + }, + { + "name": "https://git.gnome.org/browse/ekiga/commit/?id=7d09807257", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/ekiga/commit/?id=7d09807257" + }, + { + "name": "ekiga-utf8-dos(80640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80640" + }, + { + "name": "56790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56790" + }, + { + "name": "[oss-security] 20121203 Re: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2012/q4/407" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11768.json b/2017/11xxx/CVE-2017-11768.json index 1852bf9bc2e..b78cc74a1ab 100644 --- a/2017/11xxx/CVE-2017-11768.json +++ b/2017/11xxx/CVE-2017-11768.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Media Player", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka \"Windows Media Player Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Media Player", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768" - }, - { - "name" : "101705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101705" - }, - { - "name" : "1039794", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka \"Windows Media Player Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039794", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039794" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11768" + }, + { + "name": "101705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101705" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3159.json b/2017/3xxx/CVE-2017-3159.json index b30972f19f2..2ee37f63b8d 100644 --- a/2017/3xxx/CVE-2017-3159.json +++ b/2017/3xxx/CVE-2017-3159.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-3159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Camel", - "version" : { - "version_data" : [ - { - "version_value" : "2.17.0 to 2.17.4" - }, - { - "version_value" : "2.18.0 to 2.18.1" - }, - { - "version_value" : "The unsupported Camel 2.x (2.14 and earlier) versions may be also affected." - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Java deserialization" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-3159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Camel", + "version": { + "version_data": [ + { + "version_value": "2.17.0 to 2.17.4" + }, + { + "version_value": "2.18.0 to 2.18.1" + }, + { + "version_value": "The unsupported Camel 2.x (2.14 and earlier) versions may be also affected." + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/22/2" - }, - { - "name" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", - "refsource" : "MISC", - "url" : "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" - }, - { - "name" : "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc?version=1&modificationDate=1486565167000&api=v2", - "refsource" : "CONFIRM", - "url" : "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc?version=1&modificationDate=1486565167000&api=v2" - }, - { - "name" : "RHSA-2017:0868", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0868" - }, - { - "name" : "96321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Java deserialization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0868", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0868" + }, + { + "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", + "refsource": "MISC", + "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true" + }, + { + "name": "96321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96321" + }, + { + "name": "[oss-security] 20170522 Code Execution through a variety Java (Un-)Marshallers", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/22/2" + }, + { + "name": "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc?version=1&modificationDate=1486565167000&api=v2", + "refsource": "CONFIRM", + "url": "http://camel.apache.org/security-advisories.data/CVE-2017-3159.txt.asc?version=1&modificationDate=1486565167000&api=v2" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3376.json b/2017/3xxx/CVE-2017-3376.json index d0763192735..c8901fb5f92 100644 --- a/2017/3xxx/CVE-2017-3376.json +++ b/2017/3xxx/CVE-2017-3376.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3433.json b/2017/3xxx/CVE-2017-3433.json index c355a8e94c8..d3bc10dca5b 100644 --- a/2017/3xxx/CVE-2017-3433.json +++ b/2017/3xxx/CVE-2017-3433.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "One-to-One Fulfillment", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95569" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6206.json b/2017/6xxx/CVE-2017-6206.json index 8161236a5f7..bb637f7c381 100644 --- a/2017/6xxx/CVE-2017-6206.json +++ b/2017/6xxx/CVE-2017-6206.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41662", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41662/" - }, - { - "name" : "https://github.com/varangamin/CVE-2017-6206", - "refsource" : "MISC", - "url" : "https://github.com/varangamin/CVE-2017-6206" - }, - { - "name" : "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070", - "refsource" : "CONFIRM", - "url" : "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070" - }, - { - "name" : "96393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41662", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41662/" + }, + { + "name": "96393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96393" + }, + { + "name": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070", + "refsource": "CONFIRM", + "url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070" + }, + { + "name": "https://github.com/varangamin/CVE-2017-6206", + "refsource": "MISC", + "url": "https://github.com/varangamin/CVE-2017-6206" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7086.json b/2017/7xxx/CVE-2017-7086.json index 58209e309d8..be5318e740d 100644 --- a/2017/7xxx/CVE-2017-7086.json +++ b/2017/7xxx/CVE-2017-7086.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"libc\" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208115", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208115" - }, - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "100990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100990" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"libc\" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + }, + { + "name": "100990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100990" + }, + { + "name": "1039427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039427" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "https://support.apple.com/HT208115", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208115" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7902.json b/2017/7xxx/CVE-2017-7902.json index ecf0ae4171c..78c910edc5d 100644 --- a/2017/7xxx/CVE-2017-7902.json +++ b/2017/7xxx/CVE-2017-7902.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400", - "version" : { - "version_data" : [ - { - "version_value" : "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-323" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400", + "version": { + "version_data": [ + { + "version_value": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04" - }, - { - "name" : "1038546", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A \"Reusing a Nonce, Key Pair in Encryption\" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected product reuses nonces, which may allow an attacker to capture and replay a valid request until the nonce is changed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-323" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038546", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038546" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7941.json b/2017/7xxx/CVE-2017-7941.json index a4956ebbddc..49970459695 100644 --- a/2017/7xxx/CVE-2017-7941.json +++ b/2017/7xxx/CVE-2017-7941.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/428", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/428" - }, - { - "name" : "DSA-3863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3863" - }, - { - "name" : "97944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/428", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/428" + }, + { + "name": "97944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97944" + }, + { + "name": "DSA-3863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3863" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7948.json b/2017/7xxx/CVE-2017-7948.json index 19e646c3fbc..107f85a617c 100644 --- a/2017/7xxx/CVE-2017-7948.json +++ b/2017/7xxx/CVE-2017-7948.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699", - "refsource" : "CONFIRM", - "url" : "http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697762", - "refsource" : "CONFIRM", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697762" - }, - { - "name" : "GLSA-201811-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201811-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-12" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697762", + "refsource": "CONFIRM", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697762" + }, + { + "name": "http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699", + "refsource": "CONFIRM", + "url": "http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8357.json b/2017/8xxx/CVE-2017-8357.json index 80c442c4054..4955ead916a 100644 --- a/2017/8xxx/CVE-2017-8357.json +++ b/2017/8xxx/CVE-2017-8357.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/453", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/453" - }, - { - "name" : "DSA-3863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3863" - }, - { - "name" : "98388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98388" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/453", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/453" + }, + { + "name": "DSA-3863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3863" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8399.json b/2017/8xxx/CVE-2017-8399.json index 252f799f4e8..09a3fa7fd0e 100644 --- a/2017/8xxx/CVE-2017-8399.json +++ b/2017/8xxx/CVE-2017-8399.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783" - }, - { - "name" : "https://vcs.pcre.org/pcre2?view=revision&revision=674", - "refsource" : "MISC", - "url" : "https://vcs.pcre.org/pcre2?view=revision&revision=674" - }, - { - "name" : "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", - "refsource" : "CONFIRM", - "url" : "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup" - }, - { - "name" : "GLSA-201710-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-09" - }, - { - "name" : "98315", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based buffer overflow in pcre2_match.c, related to a \"pattern with very many captures.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201710-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-09" + }, + { + "name": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup", + "refsource": "CONFIRM", + "url": "https://vcs.pcre.org/pcre2/code/tags/pcre2-10.30/ChangeLog?revision=854&view=markup" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783" + }, + { + "name": "https://vcs.pcre.org/pcre2?view=revision&revision=674", + "refsource": "MISC", + "url": "https://vcs.pcre.org/pcre2?view=revision&revision=674" + }, + { + "name": "98315", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98315" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8831.json b/2017/8xxx/CVE-2017-8831.json index 14d69c8bc57..616e302fc97 100644 --- a/2017/8xxx/CVE-2017-8831.json +++ b/2017/8xxx/CVE-2017-8831.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : "http://www.securityfocus.com/archive/1/540770/30/0/threaded", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/archive/1/540770/30/0/threaded" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=195559", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=195559" - }, - { - "name" : "https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c", - "refsource" : "CONFIRM", - "url" : "https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "99619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c", + "refsource": "CONFIRM", + "url": "https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c" + }, + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "99619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99619" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=195559", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=195559" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "http://www.securityfocus.com/archive/1/540770/30/0/threaded", + "refsource": "MISC", + "url": "http://www.securityfocus.com/archive/1/540770/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8892.json b/2017/8xxx/CVE-2017-8892.json index d7f58ac62c3..088b379652a 100644 --- a/2017/8xxx/CVE-2017-8892.json +++ b/2017/8xxx/CVE-2017-8892.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tarlogic.com/blog/vulnerabilidades-en-tempobox/", - "refsource" : "MISC", - "url" : "https://www.tarlogic.com/blog/vulnerabilidades-en-tempobox/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tarlogic.com/blog/vulnerabilidades-en-tempobox/", + "refsource": "MISC", + "url": "https://www.tarlogic.com/blog/vulnerabilidades-en-tempobox/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10425.json b/2018/10xxx/CVE-2018-10425.json index c4da94e7790..318bd5cfb4b 100644 --- a/2018/10xxx/CVE-2018-10425.json +++ b/2018/10xxx/CVE-2018-10425.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rebol0x6c/2345poc", - "refsource" : "MISC", - "url" : "https://github.com/rebol0x6c/2345poc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because SetParent is not properly considered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rebol0x6c/2345poc", + "refsource": "MISC", + "url": "https://github.com/rebol0x6c/2345poc" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10436.json b/2018/10xxx/CVE-2018-10436.json index b11ff1c9d43..1d4f229fccf 100644 --- a/2018/10xxx/CVE-2018-10436.json +++ b/2018/10xxx/CVE-2018-10436.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10436", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10436", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10644.json b/2018/10xxx/CVE-2018-10644.json index af1916511aa..9db2c810411 100644 --- a/2018/10xxx/CVE-2018-10644.json +++ b/2018/10xxx/CVE-2018-10644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10644", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10644", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10947.json b/2018/10xxx/CVE-2018-10947.json index 6b3066c8952..bda9c29fa49 100644 --- a/2018/10xxx/CVE-2018-10947.json +++ b/2018/10xxx/CVE-2018-10947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10947", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10947", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13013.json b/2018/13xxx/CVE-2018-13013.json index 7b249a3cde9..3a2a20b1b13 100644 --- a/2018/13xxx/CVE-2018-13013.json +++ b/2018/13xxx/CVE-2018-13013.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.)" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-3", - "refsource" : "MISC", - "url" : "http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. (The intended behavior is that the component SysWatch does not allow installation of MSI files unless they are signed by a limited list of certificates.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-3", + "refsource": "MISC", + "url": "http://www.safensoft.com/security.phtml?c=865#SNSVE-2018-3" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13405.json b/2018/13xxx/CVE-2018-13405.json index c77c8ba38bc..b03de6906b3 100644 --- a/2018/13xxx/CVE-2018-13405.json +++ b/2018/13xxx/CVE-2018-13405.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45033", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45033/" - }, - { - "name" : "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" - }, - { - "name" : "http://openwall.com/lists/oss-security/2018/07/13/2", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/07/13/2" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" - }, - { - "name" : "https://twitter.com/grsecurity/status/1015082951204327425", - "refsource" : "MISC", - "url" : "https://twitter.com/grsecurity/status/1015082951204327425" - }, - { - "name" : "DSA-4266", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4266" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "USN-3752-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-1/" - }, - { - "name" : "USN-3752-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-2/" - }, - { - "name" : "USN-3753-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-1/" - }, - { - "name" : "USN-3753-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "USN-3752-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-3/" - }, - { - "name" : "106503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3752-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-2/" + }, + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "USN-3752-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-3/" + }, + { + "name": "https://twitter.com/grsecurity/status/1015082951204327425", + "refsource": "MISC", + "url": "https://twitter.com/grsecurity/status/1015082951204327425" + }, + { + "name": "USN-3753-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-2/" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/07/13/2", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/07/13/2" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" + }, + { + "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" + }, + { + "name": "45033", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45033/" + }, + { + "name": "DSA-4266", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4266" + }, + { + "name": "106503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106503" + }, + { + "name": "USN-3752-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-1/" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + }, + { + "name": "USN-3753-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-1/" + }, + { + "name": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13495.json b/2018/13xxx/CVE-2018-13495.json index a3323baf04e..f79dd15d3de 100644 --- a/2018/13xxx/CVE-2018-13495.json +++ b/2018/13xxx/CVE-2018-13495.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KMCToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KMCToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KMCToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KMCToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13715.json b/2018/13xxx/CVE-2018-13715.json index 764a8458122..0b7ecdbe357 100644 --- a/2018/13xxx/CVE-2018-13715.json +++ b/2018/13xxx/CVE-2018-13715.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BpsToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BpsToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for BpsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BpsToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BpsToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13961.json b/2018/13xxx/CVE-2018-13961.json index a9b83bf2c5e..ce0c1f5e43d 100644 --- a/2018/13xxx/CVE-2018-13961.json +++ b/2018/13xxx/CVE-2018-13961.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13961", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13961", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17020.json b/2018/17xxx/CVE-2018-17020.json index 4f7a28ff6c5..202b6aac5c4 100644 --- a/2018/17xxx/CVE-2018-17020.json +++ b/2018/17xxx/CVE-2018-17020.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single \"GET / HTTP/1.1\\r\\n\" line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ASUS%20GT-AC5300%20DOS1.MD", - "refsource" : "MISC", - "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ASUS%20GT-AC5300%20DOS1.MD" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allow remote attackers to cause a denial of service via a single \"GET / HTTP/1.1\\r\\n\" line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ASUS%20GT-AC5300%20DOS1.MD", + "refsource": "MISC", + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ASUS%20GT-AC5300%20DOS1.MD" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17232.json b/2018/17xxx/CVE-2018-17232.json index 4549e1ef3dc..7d9b383555e 100644 --- a/2018/17xxx/CVE-2018-17232.json +++ b/2018/17xxx/CVE-2018-17232.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/docmarionum1/slack-archive-bot/issues/12", - "refsource" : "MISC", - "url" : "https://github.com/docmarionum1/slack-archive-bot/issues/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/docmarionum1/slack-archive-bot/issues/12", + "refsource": "MISC", + "url": "https://github.com/docmarionum1/slack-archive-bot/issues/12" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17964.json b/2018/17xxx/CVE-2018-17964.json index 314ee21b7ec..bfdde3c420a 100644 --- a/2018/17xxx/CVE-2018-17964.json +++ b/2018/17xxx/CVE-2018-17964.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aryanic HighPortal 12.5 has XSS via an Add Tags action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/149823/HighPortal-12.5-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/149823/HighPortal-12.5-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aryanic HighPortal 12.5 has XSS via an Add Tags action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/149823/HighPortal-12.5-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/149823/HighPortal-12.5-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9833.json b/2018/9xxx/CVE-2018-9833.json index 9262f3f898b..930aa032ed9 100644 --- a/2018/9xxx/CVE-2018-9833.json +++ b/2018/9xxx/CVE-2018-9833.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9833", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9833", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file