diff --git a/2002/1xxx/CVE-2002-1108.json b/2002/1xxx/CVE-2002-1108.json index c170838045f..6e3712bab40 100644 --- a/2002/1xxx/CVE-2002-1108.json +++ b/2002/1xxx/CVE-2002-1108.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn-tcp-filter(10047)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047" - }, - { - "name" : "5651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-vpn-tcp-filter(10047)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10047" + }, + { + "name": "5651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5651" + }, + { + "name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1484.json b/2002/1xxx/CVE-2002-1484.json index e372fe3ef59..b0412031ba6 100644 --- a/2002/1xxx/CVE-2002-1484.json +++ b/2002/1xxx/CVE-2002-1484.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020917 Advisory: TCP-Connection risk in DB4Web", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html" - }, - { - "name" : "20020919 Advisory: TCP-Connection risk in DB4Web", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html" - }, - { - "name" : "db4web-tcp-portscan(10136)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10136.php" - }, - { - "name" : "5725", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020919 Advisory: TCP-Connection risk in DB4Web", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0125.html" + }, + { + "name": "20020917 Advisory: TCP-Connection risk in DB4Web", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0201.html" + }, + { + "name": "db4web-tcp-portscan(10136)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10136.php" + }, + { + "name": "5725", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5725" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1844.json b/2002/1xxx/CVE-2002-1844.json index 367d164bb1a..c68ec573375 100644 --- a/2002/1xxx/CVE-2002-1844.json +++ b/2002/1xxx/CVE-2002-1844.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021018 Microsoft Windows Media Player for Sparc/Solaris vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0260.html" - }, - { - "name" : "6003", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6003" - }, - { - "name" : "mediaplayer-world-writable-executables(10398)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10398.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021018 Microsoft Windows Media Player for Sparc/Solaris vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0260.html" + }, + { + "name": "mediaplayer-world-writable-executables(10398)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10398.php" + }, + { + "name": "6003", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6003" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1900.json b/2002/1xxx/CVE-2002-1900.json index dc3542f9f30..1f3396cc9a6 100644 --- a/2002/1xxx/CVE-2002-1900.json +++ b/2002/1xxx/CVE-2002-1900.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "4988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4988" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0001.json b/2003/0xxx/CVE-2003-0001.json index c4bdb04d2c1..f45544f7e3e 100644 --- a/2003/0xxx/CVE-2003-0001.json +++ b/2003/0xxx/CVE-2003-0001.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0001", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A010603-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a010603-1.txt" - }, - { - "name" : "20030110 More information regarding Etherleak", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104222046632243&w=2" - }, - { - "name" : "20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305335/30/26420/threaded" - }, - { - "name" : "20030117 Re: More information regarding Etherleak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/307564/30/26270/threaded" - }, - { - "name" : "20030110 More information regarding Etherleak", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html" - }, - { - "name" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", - "refsource" : "MISC", - "url" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "RHSA-2003:088", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-088.html" - }, - { - "name" : "VU#412115", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/412115" - }, - { - "name" : "RHSA-2003:025", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-025.html" - }, - { - "name" : "9962", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9962" - }, - { - "name" : "oval:org.mitre.oval:def:2665", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665" - }, - { - "name" : "1031583", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031583" - }, - { - "name" : "1040185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040185" - }, - { - "name" : "7996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7996" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030117 Re: More information regarding Etherleak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/307564/30/26270/threaded" + }, + { + "name": "1031583", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031583" + }, + { + "name": "9962", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9962" + }, + { + "name": "RHSA-2003:088", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "20030110 More information regarding Etherleak", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104222046632243&w=2" + }, + { + "name": "VU#412115", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/412115" + }, + { + "name": "20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305335/30/26420/threaded" + }, + { + "name": "oval:org.mitre.oval:def:2665", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665" + }, + { + "name": "20030110 More information regarding Etherleak", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html" + }, + { + "name": "RHSA-2003:025", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-025.html" + }, + { + "name": "7996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7996" + }, + { + "name": "A010603-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a010603-1.txt" + }, + { + "name": "1040185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040185" + }, + { + "name": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf", + "refsource": "MISC", + "url": "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0337.json b/2003/0xxx/CVE-2003-0337.json index d4f07300ee5..fdec8832d18 100644 --- a/2003/0xxx/CVE-2003-0337.json +++ b/2003/0xxx/CVE-2003-0337.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030522 Security advisory: LSF 5.1 local root exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105361879109409&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030522 Security advisory: LSF 5.1 local root exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105361879109409&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0813.json b/2003/0xxx/CVE-2003-0813.json index 23e2f7105bb..49c7ac91849 100644 --- a/2003/0xxx/CVE-2003-0813.json +++ b/2003/0xxx/CVE-2003-0813.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031014 Microsoft RPC Race Condition Denial of Service", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/155" - }, - { - "name" : "20031010 Bad news on RPC DCOM vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106579825211708&w=2" - }, - { - "name" : "20031011 RE: Bad news on RPC DCOM vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106588827513795&w=2" - }, - { - "name" : "20031010 Bad news on RPC DCOM vulnerability", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=106580303918155&w=2" - }, - { - "name" : "20031010 Re : [VERY] BAD news on RPC DCOM Exploit", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011870.html" - }, - { - "name" : "20031010 Re: Bad news on RPC DCOM vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011886.html" - }, - { - "name" : "http://www.securitylab.ru/_exploits/rpc2.c.txt", - "refsource" : "MISC", - "url" : "http://www.securitylab.ru/_exploits/rpc2.c.txt" - }, - { - "name" : "20031011 Bad news on RPC DCOM2 vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011901.html" - }, - { - "name" : "MS04-012", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012" - }, - { - "name" : "TA04-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" - }, - { - "name" : "VU#547820", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/547820" - }, - { - "name" : "8811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8811" - }, - { - "name" : "oval:org.mitre.oval:def:893", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A893" - }, - { - "name" : "oval:org.mitre.oval:def:894", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A894" - }, - { - "name" : "oval:org.mitre.oval:def:900", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031010 Re : [VERY] BAD news on RPC DCOM Exploit", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011870.html" + }, + { + "name": "20031010 Bad news on RPC DCOM vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106579825211708&w=2" + }, + { + "name": "20031011 Bad news on RPC DCOM2 vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011901.html" + }, + { + "name": "VU#547820", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/547820" + }, + { + "name": "oval:org.mitre.oval:def:894", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A894" + }, + { + "name": "20031011 RE: Bad news on RPC DCOM vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106588827513795&w=2" + }, + { + "name": "TA04-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" + }, + { + "name": "MS04-012", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012" + }, + { + "name": "20031010 Bad news on RPC DCOM vulnerability", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=106580303918155&w=2" + }, + { + "name": "http://www.securitylab.ru/_exploits/rpc2.c.txt", + "refsource": "MISC", + "url": "http://www.securitylab.ru/_exploits/rpc2.c.txt" + }, + { + "name": "20031014 Microsoft RPC Race Condition Denial of Service", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/155" + }, + { + "name": "8811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8811" + }, + { + "name": "20031010 Re: Bad news on RPC DCOM vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011886.html" + }, + { + "name": "oval:org.mitre.oval:def:900", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A900" + }, + { + "name": "oval:org.mitre.oval:def:893", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A893" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1190.json b/2003/1xxx/CVE-2003-1190.json index 3b357a5ee15..d0e90569e86 100644 --- a/2003/1xxx/CVE-2003-1190.json +++ b/2003/1xxx/CVE-2003-1190.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=193940", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=193940" - }, - { - "name" : "8963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8963" - }, - { - "name" : "2755", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2755" - }, - { - "name" : "10109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10109" - }, - { - "name" : "phprecipebook-recipe-xss(13574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=193940", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=193940" + }, + { + "name": "2755", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2755" + }, + { + "name": "phprecipebook-recipe-xss(13574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13574" + }, + { + "name": "10109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10109" + }, + { + "name": "8963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8963" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2444.json b/2004/2xxx/CVE-2004-2444.json index d4e7f88afcf..b50abcc4caf 100644 --- a/2004/2xxx/CVE-2004-2444.json +++ b/2004/2xxx/CVE-2004-2444.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040705 Multiples vulnerabilities in JAWS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html" - }, - { - "name" : "10670", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10670" - }, - { - "name" : "7723", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7723" - }, - { - "name" : "1010651", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010651" - }, - { - "name" : "jaws-indexphp-xss(16621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jaws-indexphp-xss(16621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16621" + }, + { + "name": "1010651", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010651" + }, + { + "name": "20040705 Multiples vulnerabilities in JAWS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html" + }, + { + "name": "7723", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7723" + }, + { + "name": "10670", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10670" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2555.json b/2004/2xxx/CVE-2004-2555.json index 01efe83068f..9cedb56407d 100644 --- a/2004/2xxx/CVE-2004-2555.json +++ b/2004/2xxx/CVE-2004-2555.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040604 [CYSA-0329] Password recovery vulnerability in FoolProof Security 3.9.x for Windows 95/9", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0081.html" - }, - { - "name" : "10467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10467" - }, - { - "name" : "6735", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6735" - }, - { - "name" : "11790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11790" - }, - { - "name" : "foolproof-admin-password-recovery(16327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6735", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6735" + }, + { + "name": "foolproof-admin-password-recovery(16327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16327" + }, + { + "name": "11790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11790" + }, + { + "name": "10467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10467" + }, + { + "name": "20040604 [CYSA-0329] Password recovery vulnerability in FoolProof Security 3.9.x for Windows 95/9", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0081.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2664.json b/2004/2xxx/CVE-2004-2664.json index d7adb103bed..5f67fac5b80 100644 --- a/2004/2xxx/CVE-2004-2664.json +++ b/2004/2xxx/CVE-2004-2664.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phplens.com/lens/adodb/docs-adodb.htm#changes", - "refsource" : "CONFIRM", - "url" : "http://phplens.com/lens/adodb/docs-adodb.htm#changes" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phplens.com/lens/adodb/docs-adodb.htm#changes", + "refsource": "CONFIRM", + "url": "http://phplens.com/lens/adodb/docs-adodb.htm#changes" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2298.json b/2008/2xxx/CVE-2008-2298.json index f1484b84609..3c5b7a78c92 100644 --- a/2008/2xxx/CVE-2008-2298.json +++ b/2008/2xxx/CVE-2008-2298.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5629", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5629" - }, - { - "name" : "29246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29246" - }, - { - "name" : "webslider-admin-security-bypass(42468)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5629", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5629" + }, + { + "name": "29246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29246" + }, + { + "name": "webslider-admin-security-bypass(42468)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42468" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0295.json b/2012/0xxx/CVE-2012-0295.json index 670989e7134..352b3b90a70 100644 --- a/2012/0xxx/CVE-2012-0295.json +++ b/2012/0xxx/CVE-2012-0295.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01" - }, - { - "name" : "53184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53184" - }, - { - "name" : "53183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53183" - }, - { - "name" : "1027093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01" + }, + { + "name": "53184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53184" + }, + { + "name": "53183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53183" + }, + { + "name": "1027093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027093" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0566.json b/2012/0xxx/CVE-2012-0566.json index 88c451e6626..535ded169d3 100644 --- a/2012/0xxx/CVE-2012-0566.json +++ b/2012/0xxx/CVE-2012-0566.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53086" - }, - { - "name" : "1026937", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026937" - }, - { - "name" : "48874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53086" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026937", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026937" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48874" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0732.json b/2012/0xxx/CVE-2012-0732.json index 8b5d9a02c75..d93f3a0e3f0 100644 --- a/2012/0xxx/CVE-2012-0732.json +++ b/2012/0xxx/CVE-2012-0732.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188" - }, - { - "name" : "53247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53247" - }, - { - "name" : "48967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48967" - }, - { - "name" : "48968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48968" - }, - { - "name" : "ae-ecc-spoofing(74389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48967" + }, + { + "name": "ae-ecc-spoofing(74389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74389" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188" + }, + { + "name": "48968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48968" + }, + { + "name": "53247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53247" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0810.json b/2012/0xxx/CVE-2012-0810.json index 0754f312911..e49be7ba26c 100644 --- a/2012/0xxx/CVE-2012-0810.json +++ b/2012/0xxx/CVE-2012-0810.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0810", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0810", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1044.json b/2012/1xxx/CVE-2012-1044.json index 5fa1638f610..deae5867dbe 100644 --- a/2012/1xxx/CVE-2012-1044.json +++ b/2012/1xxx/CVE-2012-1044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1044", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1044", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1158.json b/2012/1xxx/CVE-2012-1158.json index 31b3764ea99..e46f47d2af7 100644 --- a/2012/1xxx/CVE-2012-1158.json +++ b/2012/1xxx/CVE-2012-1158.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1158", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1158", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1561.json b/2012/1xxx/CVE-2012-1561.json index dea05ee46bf..5f3298ef2de 100644 --- a/2012/1xxx/CVE-2012-1561.json +++ b/2012/1xxx/CVE-2012-1561.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/16/9" - }, - { - "name" : "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/9" - }, - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities" - }, - { - "name" : "https://drupal.org/node/1432970", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1432970" - }, - { - "name" : "http://drupal.org/node/1432318", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1432318" - }, - { - "name" : "http://drupal.org/node/1432320", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1432320" - }, - { - "name" : "http://drupalcode.org/project/finder.git/commit/13e2d0c", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/finder.git/commit/13e2d0c" - }, - { - "name" : "http://drupalcode.org/project/finder.git/commit/58443aa", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/finder.git/commit/58443aa" - }, - { - "name" : "79015", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79015" - }, - { - "name" : "47941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47941" - }, - { - "name" : "47943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47943" - }, - { - "name" : "drupal-finder-unspecified-xss(73110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the \"checkbox and radio button functionalities.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1432320", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1432320" + }, + { + "name": "http://drupal.org/node/1432318", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1432318" + }, + { + "name": "[oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/9" + }, + { + "name": "79015", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79015" + }, + { + "name": "[oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/16/9" + }, + { + "name": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities", + "refsource": "MISC", + "url": "http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "47941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47941" + }, + { + "name": "http://drupalcode.org/project/finder.git/commit/58443aa", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/finder.git/commit/58443aa" + }, + { + "name": "http://drupalcode.org/project/finder.git/commit/13e2d0c", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/finder.git/commit/13e2d0c" + }, + { + "name": "https://drupal.org/node/1432970", + "refsource": "MISC", + "url": "https://drupal.org/node/1432970" + }, + { + "name": "drupal-finder-unspecified-xss(73110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73110" + }, + { + "name": "47943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47943" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1704.json b/2012/1xxx/CVE-2012-1704.json index 2fcbc670bcd..0a8f4e5a8ce 100644 --- a/2012/1xxx/CVE-2012-1704.json +++ b/2012/1xxx/CVE-2012-1704.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base, a different vulnerability than CVE-2012-1707." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53094" - }, - { - "name" : "1026953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base, a different vulnerability than CVE-2012-1707." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026953" + }, + { + "name": "53094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53094" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1743.json b/2012/1xxx/CVE-2012-1743.json index 8587f9eb92d..9c9feffdf72 100644 --- a/2012/1xxx/CVE-2012-1743.json +++ b/2012/1xxx/CVE-2012-1743.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0.x, 4.6.2, and 4.6.3 allows remote authenticated users to affect confidentiality, related to HTML Surround." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54563" - }, - { - "name" : "83972", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83972" - }, - { - "name" : "1027266", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027266" - }, - { - "name" : "clinicalremote-html-info-disc(77040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0.x, 4.6.2, and 4.6.3 allows remote authenticated users to affect confidentiality, related to HTML Surround." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "clinicalremote-html-info-disc(77040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77040" + }, + { + "name": "83972", + "refsource": "OSVDB", + "url": "http://osvdb.org/83972" + }, + { + "name": "54563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54563" + }, + { + "name": "1027266", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027266" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5043.json b/2012/5xxx/CVE-2012-5043.json index c74fa83a787..b4689250401 100644 --- a/2012/5xxx/CVE-2012-5043.json +++ b/2012/5xxx/CVE-2012-5043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5053.json b/2012/5xxx/CVE-2012-5053.json index df3368dd3e5..56929ceb250 100644 --- a/2012/5xxx/CVE-2012-5053.json +++ b/2012/5xxx/CVE-2012-5053.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130115 Trimble(R) Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html" - }, - { - "name" : "http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf", - "refsource" : "MISC", - "url" : "http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf" - }, - { - "name" : "http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf", - "refsource" : "MISC", - "url" : "http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130115 Trimble(R) Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0063.html" + }, + { + "name": "http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf", + "refsource": "MISC", + "url": "http://trl.trimble.com/docushare/dsweb/Get/Document-644791/Infrastructure_GNSS-SeriesReceivers_4.70_RelNotes.pdf" + }, + { + "name": "http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf", + "refsource": "MISC", + "url": "http://trl.trimble.com/docushare/dsweb/Get/Document-636664/NetRS_1%203-2_RelNotes.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5534.json b/2012/5xxx/CVE-2012-5534.json index a9bc26d62ce..b8d9dd5e846 100644 --- a/2012/5xxx/CVE-2012-5534.json +++ b/2012/5xxx/CVE-2012-5534.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to \"shell expansion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/19/4" - }, - { - "name" : "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a" - }, - { - "name" : "http://weechat.org/security/", - "refsource" : "CONFIRM", - "url" : "http://weechat.org/security/" - }, - { - "name" : "https://savannah.nongnu.org/bugs/?37764", - "refsource" : "CONFIRM", - "url" : "https://savannah.nongnu.org/bugs/?37764" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347" - }, - { - "name" : "FEDORA-2012-18494", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html" - }, - { - "name" : "FEDORA-2012-18526", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html" - }, - { - "name" : "FEDORA-2012-18575", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html" - }, - { - "name" : "MDVSA-2013:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136" - }, - { - "name" : "openSUSE-SU-2012:1580", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html" - }, - { - "name" : "openSUSE-SU-2013:0150", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html" - }, - { - "name" : "56584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56584" - }, - { - "name" : "51294", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51294" - }, - { - "name" : "51377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to \"shell expansion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/gitweb/?p=weechat.git;a=commitdiff_plain;h=efb795c74fe954b9544074aafcebb1be4452b03a" + }, + { + "name": "51294", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51294" + }, + { + "name": "51377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51377" + }, + { + "name": "openSUSE-SU-2013:0150", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0347" + }, + { + "name": "openSUSE-SU-2012:1580", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00087.html" + }, + { + "name": "56584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56584" + }, + { + "name": "FEDORA-2012-18575", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093516.html" + }, + { + "name": "http://weechat.org/security/", + "refsource": "CONFIRM", + "url": "http://weechat.org/security/" + }, + { + "name": "FEDORA-2012-18526", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html" + }, + { + "name": "[oss-security] 20121119 Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/19/4" + }, + { + "name": "https://savannah.nongnu.org/bugs/?37764", + "refsource": "CONFIRM", + "url": "https://savannah.nongnu.org/bugs/?37764" + }, + { + "name": "MDVSA-2013:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:136" + }, + { + "name": "FEDORA-2012-18494", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5755.json b/2012/5xxx/CVE-2012-5755.json index ab900fed65f..48db3842a6f 100644 --- a/2012/5xxx/CVE-2012-5755.json +++ b/2012/5xxx/CVE-2012-5755.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5755", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5755", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5905.json b/2012/5xxx/CVE-2012-5905.json index 865424cd576..3de94757b41 100644 --- a/2012/5xxx/CVE-2012-5905.json +++ b/2012/5xxx/CVE-2012-5905.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18671", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18671" - }, - { - "name" : "http://packetstormsecurity.org/files/111296/KnFTPd-1.0.0-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111296/KnFTPd-1.0.0-Denial-Of-Service.html" - }, - { - "name" : "52805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52805" - }, - { - "name" : "80666", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80666" - }, - { - "name" : "knftpd-feat-dos(74441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to cause a denial of service (crash) via a long string in a FEAT command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52805" + }, + { + "name": "80666", + "refsource": "OSVDB", + "url": "http://osvdb.org/80666" + }, + { + "name": "http://packetstormsecurity.org/files/111296/KnFTPd-1.0.0-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111296/KnFTPd-1.0.0-Denial-Of-Service.html" + }, + { + "name": "knftpd-feat-dos(74441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74441" + }, + { + "name": "18671", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1002xxx/CVE-2017-1002152.json b/2017/1002xxx/CVE-2017-1002152.json index 7c057cbcb98..f5ecf0538b5 100644 --- a/2017/1002xxx/CVE-2017-1002152.json +++ b/2017/1002xxx/CVE-2017-1002152.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-10T14:30Z", - "ID" : "CVE-2017-1002152", - "REQUESTER" : "patrick@puiterwijk.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:30Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bodhi", - "version" : { - "version_data" : [ - { - "version_affected" : "<=", - "version_value" : "2.9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Fedora Project Infrastructure" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-94" - } + "CVE_data_meta": { + "ASSIGNER": "patrick@puiterwijk.org", + "DATE_ASSIGNED": "2017-08-10T14:30Z", + "ID": "CVE-2017-1002152", + "REQUESTER": "patrick@puiterwijk.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:30Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bodhi", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "2.9.0" + } + ] + } + } + ] + }, + "vendor_name": "Fedora Project Infrastructure" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fedora-infra/bodhi/issues/1740", - "refsource" : "CONFIRM", - "url" : "https://github.com/fedora-infra/bodhi/issues/1740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fedora-infra/bodhi/issues/1740", + "refsource": "CONFIRM", + "url": "https://github.com/fedora-infra/bodhi/issues/1740" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3563.json b/2017/3xxx/CVE-2017-3563.json index 94577936b78..112f46ddc20 100644 --- a/2017/3xxx/CVE-2017-3563.json +++ b/2017/3xxx/CVE-2017-3563.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.0.38" - }, - { - "version_affected" : "<", - "version_value" : "5.1.20" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.0.38" + }, + { + "version_affected": "<", + "version_value": "5.1.20" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41908", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41908/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97732", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97732" - }, - { - "name" : "1038288", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038288", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038288" + }, + { + "name": "41908", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41908/" + }, + { + "name": "97732", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97732" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3809.json b/2017/3xxx/CVE-2017-3809.json index e785507569b..382495ed07f 100644 --- a/2017/3xxx/CVE-2017-3809.json +++ b/2017/3xxx/CVE-2017-3809.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "prevent deployment of a complete and accurate rule base" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower Management Center (FMC) 6.1.0 6.2.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc" - }, - { - "name" : "95941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95941" - }, - { - "name" : "1037776", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "prevent deployment of a complete and accurate rule base" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037776", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037776" + }, + { + "name": "95941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95941" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3839.json b/2017/3xxx/CVE-2017-3839.json index 86f84ae869b..f9f29c43ae3 100644 --- a/2017/3xxx/CVE-2017-3839.json +++ b/2017/3xxx/CVE-2017-3839.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Secure Access Control System", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Secure Access Control System" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Secure Access Control System", + "version": { + "version_data": [ + { + "version_value": "Cisco Secure Access Control System" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1" - }, - { - "name" : "96236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96236" - }, - { - "name" : "1037836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96236" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1" + }, + { + "name": "1037836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037836" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6179.json b/2017/6xxx/CVE-2017-6179.json index 4a4b48af071..55af0a208b4 100644 --- a/2017/6xxx/CVE-2017-6179.json +++ b/2017/6xxx/CVE-2017-6179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6179", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7022.json b/2017/7xxx/CVE-2017-7022.json index 9a92d60886b..b89237132bb 100644 --- a/2017/7xxx/CVE-2017-7022.json +++ b/2017/7xxx/CVE-2017-7022.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207922", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207922" - }, - { - "name" : "https://support.apple.com/HT207923", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207923" - }, - { - "name" : "https://support.apple.com/HT207924", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207924" - }, - { - "name" : "https://support.apple.com/HT207925", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207925" - }, - { - "name" : "99883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99883" - }, - { - "name" : "1038950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207924", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207924" + }, + { + "name": "https://support.apple.com/HT207925", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207925" + }, + { + "name": "https://support.apple.com/HT207923", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207923" + }, + { + "name": "99883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99883" + }, + { + "name": "1038950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038950" + }, + { + "name": "https://support.apple.com/HT207922", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207922" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7321.json b/2017/7xxx/CVE-2017-7321.json index 9dc0d0c60f8..8dd8053a64b 100644 --- a/2017/7xxx/CVE-2017-7321.json +++ b/2017/7xxx/CVE-2017-7321.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf", - "refsource" : "MISC", - "url" : "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf" - }, - { - "name" : "97228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97228" + }, + { + "name": "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf", + "refsource": "MISC", + "url": "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8170.json b/2017/8xxx/CVE-2017-8170.json index e02b54a3e5d..fdb5cb21ef5 100644 --- a/2017/8xxx/CVE-2017-8170.json +++ b/2017/8xxx/CVE-2017-8170.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VIE-L09", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than VIE-L09C40B360 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VIE-L09", + "version": { + "version_data": [ + { + "version_value": "Earlier than VIE-L09C40B360 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8301.json b/2017/8xxx/CVE-2017-8301.json index 283f899e562..5fc059c184c 100644 --- a/2017/8xxx/CVE-2017-8301.json +++ b/2017/8xxx/CVE-2017-8301.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/oss-sec/2017/q2/145", - "refsource" : "MISC", - "url" : "http://seclists.org/oss-sec/2017/q2/145" - }, - { - "name" : "https://github.com/libressl-portable/portable/issues/307", - "refsource" : "CONFIRM", - "url" : "https://github.com/libressl-portable/portable/issues/307" - }, - { - "name" : "https://trac.nginx.org/nginx/ticket/1257", - "refsource" : "CONFIRM", - "url" : "https://trac.nginx.org/nginx/ticket/1257" - }, - { - "name" : "98076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98076" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/oss-sec/2017/q2/145", + "refsource": "MISC", + "url": "http://seclists.org/oss-sec/2017/q2/145" + }, + { + "name": "https://github.com/libressl-portable/portable/issues/307", + "refsource": "CONFIRM", + "url": "https://github.com/libressl-portable/portable/issues/307" + }, + { + "name": "https://trac.nginx.org/nginx/ticket/1257", + "refsource": "CONFIRM", + "url": "https://trac.nginx.org/nginx/ticket/1257" + }, + { + "name": "98076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98076" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8354.json b/2017/8xxx/CVE-2017-8354.json index 166ff6f33f2..f1e9d9f037a 100644 --- a/2017/8xxx/CVE-2017-8354.json +++ b/2017/8xxx/CVE-2017-8354.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/451", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/451" - }, - { - "name" : "DSA-3863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3863" - }, - { - "name" : "98374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/451", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/451" + }, + { + "name": "98374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98374" + }, + { + "name": "DSA-3863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3863" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8368.json b/2017/8xxx/CVE-2017-8368.json index 42da22890ca..ec1d3d7168e 100644 --- a/2017/8xxx/CVE-2017-8368.json +++ b/2017/8xxx/CVE-2017-8368.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sublime Text 3 Build 3126 allows user-assisted attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands, as demonstrated by Ctrl-A, Delete, and Ctrl-Z." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8368", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8368" - }, - { - "name" : "https://github.com/SublimeTextIssues/Core/issues/1700", - "refsource" : "CONFIRM", - "url" : "https://github.com/SublimeTextIssues/Core/issues/1700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sublime Text 3 Build 3126 allows user-assisted attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands, as demonstrated by Ctrl-A, Delete, and Ctrl-Z." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SublimeTextIssues/Core/issues/1700", + "refsource": "CONFIRM", + "url": "https://github.com/SublimeTextIssues/Core/issues/1700" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8368", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8368" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8766.json b/2017/8xxx/CVE-2017-8766.json index 7fe6f6b3acc..4d583c8e3a7 100644 --- a/2017/8xxx/CVE-2017-8766.json +++ b/2017/8xxx/CVE-2017-8766.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a \"User Mode Write AV near NULL\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8766", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) allows remote attackers to execute code via a crafted .mov file, because of a \"User Mode Write AV near NULL\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8766", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8766" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8943.json b/2017/8xxx/CVE-2017-8943.json index 1a18a1db70b..329fe82cc0d 100644 --- a/2017/8xxx/CVE-2017-8943.json +++ b/2017/8xxx/CVE-2017-8943.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10265.json b/2018/10xxx/CVE-2018-10265.json index 1ec257c7d60..20b3de5760b 100644 --- a/2018/10xxx/CVE-2018-10265.json +++ b/2018/10xxx/CVE-2018-10265.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Neeke/HongCMS/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/Neeke/HongCMS/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Neeke/HongCMS/issues/1", + "refsource": "MISC", + "url": "https://github.com/Neeke/HongCMS/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10587.json b/2018/10xxx/CVE-2018-10587.json index 778da55bcb8..33d38e97d73 100644 --- a/2018/10xxx/CVE-2018-10587.json +++ b/2018/10xxx/CVE-2018-10587.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2018-004", - "refsource" : "MISC", - "url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2018-004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2018-004", + "refsource": "MISC", + "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2018-004" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13061.json b/2018/13xxx/CVE-2018-13061.json index 8d0dfe8312e..e130be8f935 100644 --- a/2018/13xxx/CVE-2018-13061.json +++ b/2018/13xxx/CVE-2018-13061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13768.json b/2018/13xxx/CVE-2018-13768.json index 3aa2c9315d4..46ffada8cca 100644 --- a/2018/13xxx/CVE-2018-13768.json +++ b/2018/13xxx/CVE-2018-13768.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ZToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17174.json b/2018/17xxx/CVE-2018-17174.json index f9daab8df5c..b2796c1d99f 100644 --- a/2018/17xxx/CVE-2018-17174.json +++ b/2018/17xxx/CVE-2018-17174.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cnblogs.com/tr3e/p/9662324.html", - "refsource" : "MISC", - "url" : "https://www.cnblogs.com/tr3e/p/9662324.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cnblogs.com/tr3e/p/9662324.html", + "refsource": "MISC", + "url": "https://www.cnblogs.com/tr3e/p/9662324.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17255.json b/2018/17xxx/CVE-2018-17255.json index 2dfc4a726dd..186d4236386 100644 --- a/2018/17xxx/CVE-2018-17255.json +++ b/2018/17xxx/CVE-2018-17255.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45445", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45445/" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2018090182", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018090182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45445", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45445/" + }, + { + "name": "https://cxsecurity.com/issue/WLB-2018090182", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018090182" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17885.json b/2018/17xxx/CVE-2018-17885.json index 63a8fd36744..201a9774a22 100644 --- a/2018/17xxx/CVE-2018-17885.json +++ b/2018/17xxx/CVE-2018-17885.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17885", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17885", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20006.json b/2018/20xxx/CVE-2018-20006.json index 13065114c5c..12d6b005c5f 100644 --- a/2018/20xxx/CVE-2018-20006.json +++ b/2018/20xxx/CVE-2018-20006.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/qinggan/phpok/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/qinggan/phpok/issues/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/qinggan/phpok/issues/3", + "refsource": "MISC", + "url": "https://github.com/qinggan/phpok/issues/3" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9468.json b/2018/9xxx/CVE-2018-9468.json index c6e77b53918..223edadb560 100644 --- a/2018/9xxx/CVE-2018-9468.json +++ b/2018/9xxx/CVE-2018-9468.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9468", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9468", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9484.json b/2018/9xxx/CVE-2018-9484.json index a2ec516b384..dafc0d271cf 100644 --- a/2018/9xxx/CVE-2018-9484.json +++ b/2018/9xxx/CVE-2018-9484.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9484", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9484", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9533.json b/2018/9xxx/CVE-2018-9533.json index 060e61e412d..96466de9526 100644 --- a/2018/9xxx/CVE-2018-9533.json +++ b/2018/9xxx/CVE-2018-9533.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9592.json b/2018/9xxx/CVE-2018-9592.json index 000ce65d24d..1d86ee961c7 100644 --- a/2018/9xxx/CVE-2018-9592.json +++ b/2018/9xxx/CVE-2018-9592.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2019-01-01T00:00:00", - "ID" : "CVE-2018-9592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Android" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2019-01-01T00:00:00", + "ID": "CVE-2018-9592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Android" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2019-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2019-01-01.html" - }, - { - "name" : "106495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116319076." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106495" + }, + { + "name": "https://source.android.com/security/bulletin/2019-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2019-01-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9696.json b/2018/9xxx/CVE-2018-9696.json index 4393c445f31..6f9b0b2b154 100644 --- a/2018/9xxx/CVE-2018-9696.json +++ b/2018/9xxx/CVE-2018-9696.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9696", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9696", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9928.json b/2018/9xxx/CVE-2018-9928.json index e35c7db1e40..5dbeb7ef70d 100644 --- a/2018/9xxx/CVE-2018-9928.json +++ b/2018/9xxx/CVE-2018-9928.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Sm1L3ing/xss-in-metinfo/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/Sm1L3ing/xss-in-metinfo/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Sm1L3ing/xss-in-metinfo/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/Sm1L3ing/xss-in-metinfo/blob/master/README.md" + } + ] + } +} \ No newline at end of file