From e4eae00510d0abec19a3d3ce55bbd085823fe4a5 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 05:16:21 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/1xxx/CVE-2002-1028.json | 150 ++++++++--------
2002/1xxx/CVE-2002-1271.json | 180 +++++++++----------
2002/1xxx/CVE-2002-1384.json | 250 +++++++++++++-------------
2002/1xxx/CVE-2002-1864.json | 140 +++++++--------
2003/0xxx/CVE-2003-0322.json | 130 +++++++-------
2003/0xxx/CVE-2003-0390.json | 140 +++++++--------
2003/0xxx/CVE-2003-0817.json | 210 +++++++++++-----------
2003/0xxx/CVE-2003-0935.json | 170 +++++++++---------
2003/1xxx/CVE-2003-1115.json | 160 ++++++++---------
2003/1xxx/CVE-2003-1224.json | 130 +++++++-------
2003/1xxx/CVE-2003-1255.json | 140 +++++++--------
2004/2xxx/CVE-2004-2030.json | 190 ++++++++++----------
2004/2xxx/CVE-2004-2098.json | 140 +++++++--------
2012/0xxx/CVE-2012-0183.json | 180 +++++++++----------
2012/0xxx/CVE-2012-0323.json | 140 +++++++--------
2012/0xxx/CVE-2012-0554.json | 160 ++++++++---------
2012/0xxx/CVE-2012-0739.json | 34 ++--
2012/1xxx/CVE-2012-1032.json | 150 ++++++++--------
2012/1xxx/CVE-2012-1055.json | 150 ++++++++--------
2012/1xxx/CVE-2012-1299.json | 34 ++--
2012/1xxx/CVE-2012-1793.json | 34 ++--
2012/1xxx/CVE-2012-1873.json | 140 +++++++--------
2012/4xxx/CVE-2012-4078.json | 140 +++++++--------
2012/4xxx/CVE-2012-4599.json | 120 ++++++-------
2012/5xxx/CVE-2012-5595.json | 34 ++--
2012/5xxx/CVE-2012-5597.json | 34 ++--
2012/5xxx/CVE-2012-5797.json | 130 +++++++-------
2017/2xxx/CVE-2017-2265.json | 130 +++++++-------
2017/3xxx/CVE-2017-3220.json | 34 ++--
2017/3xxx/CVE-2017-3542.json | 166 +++++++++---------
2017/3xxx/CVE-2017-3737.json | 312 ++++++++++++++++-----------------
2017/3xxx/CVE-2017-3967.json | 168 +++++++++---------
2017/6xxx/CVE-2017-6259.json | 122 ++++++-------
2017/6xxx/CVE-2017-6269.json | 132 +++++++-------
2017/6xxx/CVE-2017-6484.json | 120 ++++++-------
2017/6xxx/CVE-2017-6712.json | 130 +++++++-------
2017/6xxx/CVE-2017-6725.json | 140 +++++++--------
2017/6xxx/CVE-2017-6891.json | 180 +++++++++----------
2017/7xxx/CVE-2017-7177.json | 150 ++++++++--------
2017/7xxx/CVE-2017-7802.json | 266 ++++++++++++++--------------
2017/7xxx/CVE-2017-7956.json | 34 ++--
2017/7xxx/CVE-2017-7977.json | 120 ++++++-------
2017/8xxx/CVE-2017-8250.json | 130 +++++++-------
2017/8xxx/CVE-2017-8903.json | 160 ++++++++---------
2018/10xxx/CVE-2018-10104.json | 34 ++--
2018/10xxx/CVE-2018-10301.json | 120 ++++++-------
2018/10xxx/CVE-2018-10373.json | 140 +++++++--------
2018/13xxx/CVE-2018-13564.json | 130 +++++++-------
2018/17xxx/CVE-2018-17510.json | 34 ++--
2018/17xxx/CVE-2018-17704.json | 130 +++++++-------
2018/17xxx/CVE-2018-17714.json | 34 ++--
2018/20xxx/CVE-2018-20250.json | 157 +++++++++--------
2018/20xxx/CVE-2018-20306.json | 120 ++++++-------
2018/20xxx/CVE-2018-20332.json | 130 +++++++-------
2018/20xxx/CVE-2018-20623.json | 130 +++++++-------
2018/9xxx/CVE-2018-9132.json | 130 +++++++-------
2018/9xxx/CVE-2018-9382.json | 34 ++--
2018/9xxx/CVE-2018-9583.json | 132 +++++++-------
2018/9xxx/CVE-2018-9985.json | 120 ++++++-------
59 files changed, 3842 insertions(+), 3837 deletions(-)
diff --git a/2002/1xxx/CVE-2002-1028.json b/2002/1xxx/CVE-2002-1028.json
index 985644d6574..e0fca24766c 100644
--- a/2002/1xxx/CVE-2002-1028.json
+++ b/2002/1xxx/CVE-2002-1028.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020716 Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html" - }, - { - "name" : "http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:", - "refsource" : "MISC", - "url" : "http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:" - }, - { - "name" : "5248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5248" - }, - { - "name" : "oddsock-song-requester-dos(9585)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9585.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the CGI programs for Oddsock Song Requester WinAmp plugin 2.1 allow remote attackers to cause a denial of service (crash) via long arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:", + "refsource": "MISC", + "url": "http://www.oddsock.org/tools/gen_songrequester/#Release%202.2%20Notes%20:" + }, + { + "name": "20020716 Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0175.html" + }, + { + "name": "oddsock-song-requester-dos(9585)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9585.php" + }, + { + "name": "5248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5248" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1271.json b/2002/1xxx/CVE-2002-1271.json index 3285b0a4600..dccb65d670f 100644 --- a/2002/1xxx/CVE-2002-1271.json +++ b/2002/1xxx/CVE-2002-1271.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-386", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-386" - }, - { - "name" : "MDKSA-2002:076", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php" - }, - { - "name" : "SuSE-SA:2002:041", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html" - }, - { - "name" : "20021106 GLSA: MailTools", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103659723101369&w=2" - }, - { - "name" : "20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update", - "refsource" : "BUGTRAQ", - "url" : 
"http://marc.info/?l=bugtraq&m=103679569705086&w=2" - }, - { - "name" : "mail-mailer-command-execution(10548)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10548.php" - }, - { - "name" : "6104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-386", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-386" + }, + { + "name": "mail-mailer-command-execution(10548)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10548.php" + }, + { + "name": "20021106 GLSA: MailTools", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103659723101369&w=2" + }, + { + "name": "20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103679569705086&w=2" + }, + { + "name": "6104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6104" + }, + { + "name": "MDKSA-2002:076", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php" + }, + { + "name": "SuSE-SA:2002:041", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1384.json b/2002/1xxx/CVE-2002-1384.json index 9582f135f10..074ec83014b 100644 
--- a/2002/1xxx/CVE-2002-1384.json
+++ b/2002/1xxx/CVE-2002-1384.json
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.idefense.com/advisory/12.23.02.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/12.23.02.txt" - }, - { - "name" : "DSA-222", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-222" - }, - { - "name" : "DSA-226", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-226" - }, - { - "name" : "DSA-232", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-232" - }, - { - "name" : "GLSA-200301-1", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=104152282309980&w=2" - }, - { - "name" : "MDKSA-2003:001", - "refsource" : "MANDRAKE", - "url" : 
"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" - }, - { - "name" : "MDKSA-2003:002", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002" - }, - { - "name" : "RHSA-2002:295", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html" - }, - { - "name" : "RHSA-2002:307", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-307.html" - }, - { - "name" : "RHSA-2003:037", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-037.html" - }, - { - "name" : "RHSA-2003:216", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-216.html" - }, - { - "name" : "SUSE-SA:2003:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html" - }, - { - "name" : "6475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6475" - }, - { - "name" : "pdftops-integer-overflow(10937)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-232", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-232" + }, + { + "name": "RHSA-2002:295", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html" + }, + { + "name": "MDKSA-2003:002", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002" + }, + { + "name": "SUSE-SA:2003:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html" + }, + { + "name": "6475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6475" + }, + { + "name": "MDKSA-2003:001", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" + }, + { + "name": "GLSA-200301-1", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=104152282309980&w=2" + }, + { + "name": "http://www.idefense.com/advisory/12.23.02.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/12.23.02.txt" + }, + { + "name": "RHSA-2002:307", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-307.html" + }, + { + "name": "pdftops-integer-overflow(10937)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10937" + }, + { + "name": "RHSA-2003:216", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-216.html" + }, + { + "name": "DSA-226", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-226" + }, + { + "name": "RHSA-2003:037", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-037.html" + }, + { + "name": "DSA-222", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-222" + } + ] + } +} \ No newline at end of file 
diff --git a/2002/1xxx/CVE-2002-1864.json b/2002/1xxx/CVE-2002-1864.json
index 5805ff49dd7..7eff35c5465 100644
--- a/2002/1xxx/CVE-2002-1864.json
+++ b/2002/1xxx/CVE-2002-1864.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a \"..\" (dot dot) in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020903 Re: SWS Web Server v0.1.0 Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html" - }, - { - "name" : "5662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5662" - }, - { - "name" : "sws-webserver-directory-traversal(10070)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10070.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 through 0.1.0 allows remote attackers to read arbitrary files via a \"..\" (dot dot) in an HTTP request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sws-webserver-directory-traversal(10070)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10070.php" + }, + { + "name": "5662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5662" + }, + { + "name": "20020903 Re: SWS Web Server v0.1.0 Exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0322.json b/2003/0xxx/CVE-2003-0322.json index 2a36dec0577..35a7f058bf6 100644 --- a/2003/0xxx/CVE-2003-0322.json +++ b/2003/0xxx/CVE-2003-0322.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-306", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-306" - }, - { - "name" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz", - "refsource" : "MISC", - "url" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz", + "refsource": "MISC", + "url": "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz" + }, + { + "name": "DSA-306", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-306" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0390.json b/2003/0xxx/CVE-2003-0390.json index 3f64e14d445..83daefc90ac 100644 --- a/2003/0xxx/CVE-2003-0390.json +++ b/2003/0xxx/CVE-2003-0390.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105121918523320&w=2" - }, - { - "name" : "20030523 Re: Options Parsing Tool library buffer overflows.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105371246204866&w=2" - }, - { - "name" : "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030523 Re: Options Parsing Tool library buffer overflows.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105371246204866&w=2" + }, + { + "name": "20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105121918523320&w=2" + }, + { + "name": "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz", + "refsource": "CONFIRM", + "url": "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0817.json b/2003/0xxx/CVE-2003-0817.json index 4911520af43..39adca2d63a 100644 --- a/2003/0xxx/CVE-2003-0817.json +++ b/2003/0xxx/CVE-2003-0817.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-048", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" - }, - { - "name" : "9012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9012" - }, - { - "name" : "oval:org.mitre.oval:def:508", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" - }, - { - "name" : "oval:org.mitre.oval:def:520", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" - }, - { - "name" : "oval:org.mitre.oval:def:543", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" - }, - { - "name" : 
"oval:org.mitre.oval:def:548", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" - }, - { - "name" : "oval:org.mitre.oval:def:549", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" - }, - { - "name" : "oval:org.mitre.oval:def:556", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" - }, - { - "name" : "oval:org.mitre.oval:def:566", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" - }, - { - "name" : "10192", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:508", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508" + }, + { + "name": "oval:org.mitre.oval:def:543", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543" + }, + { + "name": "oval:org.mitre.oval:def:548", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548" + }, + { + "name": "oval:org.mitre.oval:def:520", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520" + }, + { + "name": "MS03-048", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048" + }, + { + "name": "oval:org.mitre.oval:def:556", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556" + }, + { + "name": "9012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9012" + }, + { + "name": "oval:org.mitre.oval:def:549", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549" + }, + { + "name": "oval:org.mitre.oval:def:566", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566" + }, + { + "name": "10192", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10192" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0935.json b/2003/0xxx/CVE-2003-0935.json index 3b25963364a..cdd4beb16cd 100644 --- a/2003/0xxx/CVE-2003-0935.json +++ b/2003/0xxx/CVE-2003-0935.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=308015", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=308015" - }, - { - "name" : "CLA-2003:778", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778" - }, - { - "name" : "RHSA-2004:023", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-023.html" - }, - { - "name" : "RHSA-2003:335", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-335.html" - }, - { - "name" : "oval:org.mitre.oval:def:869", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A869" - }, - { - "name" : "oval:org.mitre.oval:def:9802", - "refsource" : 
"OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:023", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-023.html" + }, + { + "name": "RHSA-2003:335", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-335.html" + }, + { + "name": "oval:org.mitre.oval:def:9802", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9802" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=308015", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=308015" + }, + { + "name": "oval:org.mitre.oval:def:869", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A869" + }, + { + "name": "CLA-2003:778", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1115.json b/2003/1xxx/CVE-2003-1115.json index 06d931429d3..3e31a7e6e8d 100644 --- a/2003/1xxx/CVE-2003-1115.json +++ b/2003/1xxx/CVE-2003-1115.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/" - }, - { - "name" : "CA-2003-06", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-06.html" - }, - { - "name" : "VU#528719", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/528719" - }, - { - "name" : "6904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6904" - }, - { - "name" : "sip-invite(11379)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/" + }, + { + "name": "VU#528719", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/528719" + }, + { + "name": "CA-2003-06", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-06.html" + }, + { + "name": "6904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6904" + }, + { + "name": "sip-invite(11379)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1224.json b/2003/1xxx/CVE-2003-1224.json index 86870b09b42..4c562f7c98e 100644 --- a/2003/1xxx/CVE-2003-1224.json +++ b/2003/1xxx/CVE-2003-1224.json 
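Review bot: The `reference_data` array is emitted in a different order on the new side with no visible sort key; in this hunk `VU#528719` and `CA-2003-06` simply trade places. The other complete hunks on this page show the same reshuffle, including CVE-2003-0935, CVE-2003-1224, CVE-2003-1255, CVE-2004-2030 and CVE-2004-2098. Combined with the whitespace rewrite, this makes every record look fully changed, so a real edit to a vulnerability record is hard to spot when reviewing the feed. The generator is not visible here, but I would have it write the entries in a fixed order, for example sorted by `refsource` then `name`. I would also end each file with a newline, since every new side currently closes with `\ No newline at end of file`.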
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing (\"shoulder surfing\") the screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA03-30.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/22" - }, - { - "name" : "7563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing (\"shoulder surfing\") the screen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7563" + }, + { + "name": "BEA03-30.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/22" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1255.json b/2003/1xxx/CVE-2003-1255.json index bf6a746a9f7..9f97c9f4575 100644 --- a/2003/1xxx/CVE-2003-1255.json +++ b/2003/1xxx/CVE-2003-1255.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html" - }, - { - "name" : "apb-addbookmark-authentication-bypass(11011)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11011" - }, - { - "name" : "6546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apb-addbookmark-authentication-bypass(11011)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11011" + }, + { + "name": "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html" + }, + { + "name": "6546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6546" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2030.json b/2004/2xxx/CVE-2004-2030.json index 41fb3f1f0ed..9e1a9e6482b 100644 --- a/2004/2xxx/CVE-2004-2030.json +++ b/2004/2xxx/CVE-2004-2030.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040522 Liferay Cross Site Scripting Flaw", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108526683823840&w=2" - }, - { - "name" : "20041125 Re: Liferay Cross Site Scripting Flaw", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110141194202856&w=2" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=252060", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=252060" - }, - { - "name" : "10402", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10402" - }, - { - "name" : "6346", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6346" - }, - { - "name" : "1010259", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010259" - }, - { - "name" : "11692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11692" - }, - { - "name" : "liferay-message-xss(16232)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041125 Re: Liferay Cross Site Scripting Flaw", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110141194202856&w=2" + }, + { + "name": "1010259", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010259" + }, + { + "name": "11692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11692" + }, + { + "name": "6346", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6346" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=252060", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=252060" + }, + { + "name": "10402", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10402" + }, + { + "name": "liferay-message-xss(16232)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16232" + }, + { + "name": "20040522 Liferay Cross Site Scripting Flaw", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108526683823840&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2098.json b/2004/2xxx/CVE-2004-2098.json
index 8799419f788..88a0a8b9b9a 100644
--- a/2004/2xxx/CVE-2004-2098.json
+++ b/2004/2xxx/CVE-2004-2098.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040122 TBE - the banner engine server-side script execution vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107479071808330&w=2" - }, - { - "name" : "tbe-xss(14911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14911" - }, - { - "name" : "9472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview 
capability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tbe-xss(14911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14911" + }, + { + "name": "20040122 TBE - the banner engine server-side script execution vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107479071808330&w=2" + }, + { + "name": "9472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9472" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0183.json b/2012/0xxx/CVE-2012-0183.json index 182b8f8528c..4aa2a16a809 100644 --- a/2012/0xxx/CVE-2012-0183.json +++ b/2012/0xxx/CVE-2012-0183.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"RTF Mismatch Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-029", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029" - }, - { - "name" : "TA12-129A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" - }, - { - "name" : "53344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53344" - }, - { - "name" : "oval:org.mitre.oval:def:15327", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327" - }, - { - "name" : "1027035", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027035" 
- }, - { - "name" : "49111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49111" - }, - { - "name" : "microsoft-office-rtf-code-execution(75122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka \"RTF Mismatch Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS12-029", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-029" + }, + { + "name": "53344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53344" + }, + { + "name": "1027035", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027035" + }, + { + "name": "oval:org.mitre.oval:def:15327", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15327" + }, + { + "name": "TA12-129A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" + }, + { + "name": "microsoft-office-rtf-code-execution(75122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75122" + }, + { + "name": "49111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49111" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0323.json b/2012/0xxx/CVE-2012-0323.json index e096684815a..f2b10a79ca0 100644 --- a/2012/0xxx/CVE-2012-0323.json 
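Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secure@microsoft.com` at the top of this hunk, which alters the record's attribution rather than its formatting, and the commit subject does not mention it. The CVE-2012-0323 hunk (`vultures@jpcert.or.jp`) and the CVE-2012-0554 hunk (`secalert_us@oracle.com`) contain the same kind of change. The new values look consistent with each record's references, but any consumer that filters or trusts records by assigner will see these three move, and the surrounding whitespace and reference-order churn hides the one line that matters. I would put attribution changes in their own commit, or at least name them in the message, e.g. `ASSIGNER updated for CVE-2012-0183, CVE-2012-0323, CVE-2012-0554`.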
+++ b/2012/0xxx/CVE-2012-0323.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-0323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://squirrelmail.org/plugin_view.php?id=32", - "refsource" : "MISC", - "url" : "http://squirrelmail.org/plugin_view.php?id=32" - }, - { - "name" : "JVN#56653852", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN56653852/index.html" - }, - { - "name" : "JVNDB-2012-000021", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000021", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000021" + }, + { + "name": "http://squirrelmail.org/plugin_view.php?id=32", + "refsource": "MISC", + "url": "http://squirrelmail.org/plugin_view.php?id=32" + }, + { + "name": "JVN#56653852", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN56653852/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0554.json b/2012/0xxx/CVE-2012-0554.json index 05aff4bbdc3..b198c280910 100644 --- a/2012/0xxx/CVE-2012-0554.json +++ b/2012/0xxx/CVE-2012-0554.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0555, CVE-2012-0556, and CVE-2012-0557." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53069", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/53069" - }, - { - "name" : "1026949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0555, CVE-2012-0556, and CVE-2012-0557." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53069", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53069" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "1026949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026949" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0739.json b/2012/0xxx/CVE-2012-0739.json index 3e2224bb548..5e80d4b7028 100644 --- a/2012/0xxx/CVE-2012-0739.json +++ b/2012/0xxx/CVE-2012-0739.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0739",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-0739",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1032.json b/2012/1xxx/CVE-2012-1032.json
index 98d44306e6c..aad2808b751 100644
--- a/2012/1xxx/CVE-2012-1032.json
+++ b/2012/1xxx/CVE-2012-1032.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "52874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52874" - }, - { - "name" : "81013", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/81013" - }, - { - "name" : "48696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48696" - }, - { - "name" : "siteseeker-episerver-xss(74799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52874" + }, + { + "name": "48696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48696" + }, + { + "name": "siteseeker-episerver-xss(74799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74799" + }, + { + "name": "81013", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/81013" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1055.json b/2012/1xxx/CVE-2012-1055.json index 5cd7c215fa0..6a9700ac59e 100644 --- a/2012/1xxx/CVE-2012-1055.json +++ b/2012/1xxx/CVE-2012-1055.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in PhotoLine 17.01 and possibly other versions before 17.02 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51948" - }, - { - "name" : "78985", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78985" - }, - { - "name" : "47477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47477" - }, - { - "name" : "photoline-qcd-bo(73103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in PhotoLine 17.01 and possibly other versions before 17.02 allows remote attackers to 
execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78985", + "refsource": "OSVDB", + "url": "http://osvdb.org/78985" + }, + { + "name": "51948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51948" + }, + { + "name": "photoline-qcd-bo(73103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73103" + }, + { + "name": "47477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47477" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1299.json b/2012/1xxx/CVE-2012-1299.json index 2dc8b8d4c43..a7eb9aadfce 100644 --- a/2012/1xxx/CVE-2012-1299.json +++ b/2012/1xxx/CVE-2012-1299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2012/1xxx/CVE-2012-1793.json b/2012/1xxx/CVE-2012-1793.json index a6a3d49529b..370985340d2 100644 --- a/2012/1xxx/CVE-2012-1793.json +++ b/2012/1xxx/CVE-2012-1793.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1793", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1793", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1873.json b/2012/1xxx/CVE-2012-1873.json index 9e1daf0459f..c474439d401 100644 --- a/2012/1xxx/CVE-2012-1873.json +++ b/2012/1xxx/CVE-2012-1873.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka \"Null Byte Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" - }, - { - "name" : "TA12-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15026", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 9 does not properly 
create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka \"Null Byte Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" + }, + { + "name": "MS12-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" + }, + { + "name": "oval:org.mitre.oval:def:15026", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15026" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4078.json b/2012/4xxx/CVE-2012-4078.json index 8e03b5fb88b..c44a5f52051 100644 --- a/2012/4xxx/CVE-2012-4078.json +++ b/2012/4xxx/CVE-2012-4078.json 
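Review bot: The `affects` block still carries `n/a` for `vendor_name`, `product_name` and `version_value`, although this hunk updates `ASSIGNER` to `secure@microsoft.com` and the description names Microsoft Internet Explorer 7 through 9. Tooling that matches assets on the structured fields will not associate this record with that product, so consumers have to fall back to parsing the description or the MS12-037 reference. If the sync source has the data, the record should carry it, for example `"vendor_name": "Microsoft"` and `"product_name": "Internet Explorer"`. The CVE-2012-4078 hunk has the same gap: its `ASSIGNER` becomes `psirt@cisco.com` while `affects` stays `n/a`.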
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130923 Cisco Unified Computing System Baseboard Management Controller Privilege Escalation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4078" - }, - { - "name" : "1029084", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029084" - }, - { - "name" : "cisco-ucs-cve20124078-priv-esc(87367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130923 Cisco Unified Computing System Baseboard Management Controller Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4078" + }, + { + "name": "cisco-ucs-cve20124078-priv-esc(87367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87367" + }, + { + "name": "1029084", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029084" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4599.json b/2012/4xxx/CVE-2012-4599.json index 1de44ba9222..8017e23aafe 100644 --- a/2012/4xxx/CVE-2012-4599.json +++ b/2012/4xxx/CVE-2012-4599.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10029", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10029", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10029" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5595.json b/2012/5xxx/CVE-2012-5595.json index 5eb0ef5cb04..793d3d9aec0 100644 --- a/2012/5xxx/CVE-2012-5595.json +++ b/2012/5xxx/CVE-2012-5595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5595", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5595", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6056. Reason: This candidate is a reservation duplicate of CVE-2012-6056. Notes: All CVE users should reference CVE-2012-6056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5597.json b/2012/5xxx/CVE-2012-5597.json index cc6b858a316..6fae98ff16c 100644 --- a/2012/5xxx/CVE-2012-5597.json +++ b/2012/5xxx/CVE-2012-5597.json 
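Review bot: The rewritten CVE-2012-5595 record orders its keys differently from the other files in this commit: `data_type`, `data_format` and `data_version` come first and `CVE_data_meta` lists `ID` before `ASSIGNER`, while the neighbouring records keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in sorted order. Parsers ignore key order, but a second serialization can turn later syncs into whole-file diffs and changes any byte-level hash taken over a record. Emitting every record with sorted keys would keep the output stable, i.e. `"CVE_data_meta": {` first with `"ASSIGNER": "cve@mitre.org",` ahead of `"ID"`. The CVE-2012-5597 hunk has the same ordering.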
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5597", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5597", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6059. Reason: This candidate is a reservation duplicate of CVE-2012-6059. Notes: All CVE users should reference CVE-2012-6059 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5797.json b/2012/5xxx/CVE-2012-5797.json index f86a3ae7162..d2b51bd131a 100644 --- a/2012/5xxx/CVE-2012-5797.json +++ b/2012/5xxx/CVE-2012-5797.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "paypal-payflow-ssl-spoofing(79954)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 
certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "paypal-payflow-ssl-spoofing(79954)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79954" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2265.json b/2017/2xxx/CVE-2017-2265.json index 1fc42ef081c..75b7a59043e 100644 --- a/2017/2xxx/CVE-2017-2265.json +++ b/2017/2xxx/CVE-2017-2265.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FileCapsule Deluxe Portable", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.1.0.4.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Tomoki Fuke" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FileCapsule Deluxe Portable", + "version": { + "version_data": [ + { + "version_value": "Ver.1.0.4.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Tomoki Fuke" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://resumenext.blog.fc2.com/blog-entry-30.html", - "refsource" : "CONFIRM", - "url" : "http://resumenext.blog.fc2.com/blog-entry-30.html" - }, - { - "name" : "JVN#42031953", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN42031953/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an 
unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://resumenext.blog.fc2.com/blog-entry-30.html", + "refsource": "CONFIRM", + "url": "http://resumenext.blog.fc2.com/blog-entry-30.html" + }, + { + "name": "JVN#42031953", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN42031953/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3220.json b/2017/3xxx/CVE-2017-3220.json index fda7972646c..f2dc102461d 100644 --- a/2017/3xxx/CVE-2017-3220.json +++ b/2017/3xxx/CVE-2017-3220.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3220", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3220", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3542.json b/2017/3xxx/CVE-2017-3542.json index a8ca08458bc..ee2219a2739 100644 --- a/2017/3xxx/CVE-2017-3542.json +++ b/2017/3xxx/CVE-2017-3542.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Sites", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.8.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.8.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97760", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97760" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97760", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97760" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3737.json b/2017/3xxx/CVE-2017-3737.json index 8afa7274561..a1829d6fcaa 100644 --- a/2017/3xxx/CVE-2017-3737.json +++ b/2017/3xxx/CVE-2017-3737.json 
@@ -1,158 +1,158 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2017-12-07T00:00:00", - "ID" : "CVE-2017-3737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.2b-1.0.2m" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthenticated read/unencrypted write" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2017-12-07T00:00:00", + "ID": "CVE-2017-3737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "1.0.2b-1.0.2m" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/", - "refsource" : "MISC", - "url" : "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/" - }, - { - "name" : "https://www.openssl.org/news/secadv/20171207.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20171207.txt" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20171208-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171208-0001/" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-16", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-16" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180117-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180117-0002/" - }, - { - "name" : "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc", - "refsource" : "CONFIRM", - "url" : "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc" - }, - { - 
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180419-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180419-0002/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf" - }, - { - "name" : "DSA-4065", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4065" - }, - { - "name" : "FreeBSD-SA-17:12", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc" - }, - { - "name" : "GLSA-201712-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201712-03" - }, - { - "name" : "RHSA-2018:0998", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0998" - }, - { - "name" : "RHSA-2018:2185", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2185" - }, - { - "name" : "RHSA-2018:2186", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2186" - }, - { - "name" : "RHSA-2018:2187", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2187" - }, - { - "name" : "102103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102103" - }, - { - "name" : "1039978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated read/unencrypted write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2185", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2185" + }, + { + "name": "RHSA-2018:2186", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2186" + }, + { + "name": "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc", + "refsource": "CONFIRM", + "url": "https://github.com/openssl/openssl/commit/898fb884b706aaeb283de4812340bb0bde8476dc" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180419-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180419-0002/" + }, + { + "name": "FreeBSD-SA-17:12", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:12.openssl.asc" + }, + { + "name": "GLSA-201712-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201712-03" + }, + { + "name": "1039978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039978" + }, + { + "name": "https://www.openssl.org/news/secadv/20171207.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20171207.txt" + }, + { + "name": "https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/", + "refsource": "MISC", + "url": 
"https://www.digitalmunition.me/2017/12/cve-2017-3737-openssl-security-bypass-vulnerability/" + }, + { + "name": "RHSA-2018:0998", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0998" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" + }, + { + "name": "DSA-4065", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4065" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-179516.pdf" + }, + { + "name": "102103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102103" + }, + { + "name": "https://www.tenable.com/security/tns-2017-16", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-16" + }, + { + "name": "RHSA-2018:2187", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2187" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180117-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180117-0002/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20171208-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171208-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3967.json b/2017/3xxx/CVE-2017-3967.json index 5868eddb415..4b9ad8fbab3 100644 --- a/2017/3xxx/CVE-2017-3967.json +++ b/2017/3xxx/CVE-2017-3967.json 
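Review bot: The single `version_data` entry on the new side of CVE-2017-3737 still encodes the affected releases as the free-text range `"version_value": "1.0.2b-1.0.2m"` with no `version_affected` operator, so a scanner or SBOM matcher that compares `version_value` literally will not flag the releases between the two endpoints, even though the description says 1.0.2b through 1.0.2m are affected and 1.0.2n carries the fix. The CVE-2017-3542 record earlier in this patch lists each release as its own entry with `"version_affected": "="`; the same shape here, one entry per release starting with `{ "version_affected": "=", "version_value": "1.0.2b" }`, would make the range machine-readable. Until that is done, consumers should take the affected range from the description text rather than from `affects`.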
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "DATE_PUBLIC" : "2017-03-29T17:00:00.000Z", - "ID" : "CVE-2017-3967", - "STATE" : "PUBLIC", - "TITLE" : "SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Security Management (NSM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "8.2", - "version_value" : "8.2.7.42.2" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.1, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "HIGH", - "privilegesRequired" : "HIGH", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Target influence via framing vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2017-03-29T17:00:00.000Z", + "ID": "CVE-2017-3967", + "STATE": "PUBLIC", + "TITLE": "SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Security Management (NSM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "8.2", + "version_value": "8.2.7.42.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" - } - ] - }, - "source" : { - "advisory" : "SB10192", - "discovery" : "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Target influence via framing vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames." 
+ } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Target influence via framing vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" + } + ] + }, + "source": { + "advisory": "SB10192", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6259.json b/2017/6xxx/CVE-2017-6259.json index eb426fa1b5b..df90a923b7c 100644 --- a/2017/6xxx/CVE-2017-6259.json +++ b/2017/6xxx/CVE-2017-6259.json 
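Review bot: The `version_data` entry on the new side of CVE-2017-3967 spells the comparison operator as `"affected": "<"`, whereas the CVE-2017-3542 record earlier in this patch uses the key `version_affected`. A consumer that reads only `version_affected` would likely drop the operator and treat 8.2.7.42.2 as an affected version instead of the first fixed one, which contradicts the description's "before 8.2.7.42.2". Renaming the key to `"version_affected": "<"` would keep the record consistent with its siblings; this is worth confirming against the schema the feed's consumers validate with.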
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-07-27T00:00:00", - "ID" : "CVE-2017-6259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NVIDIA GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-07-27T00:00:00", + "ID": "CVE-2017-6259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NVIDIA GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4525", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4525" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6269.json b/2017/6xxx/CVE-2017-6269.json index 772c5f3dc03..5f737041440 100644 --- a/2017/6xxx/CVE-2017-6269.json +++ b/2017/6xxx/CVE-2017-6269.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-09-21T00:00:00", - "ID" : "CVE-2017-6269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-09-21T00:00:00", + "ID": "CVE-2017-6269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544" - }, - { - "name" : "101020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Windows GPU Display Driver 
contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101020" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6484.json b/2017/6xxx/CVE-2017-6484.json index 863dd9f879c..a92640486f2 100644 --- a/2017/6xxx/CVE-2017-6484.json +++ b/2017/6xxx/CVE-2017-6484.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the \"INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/INTER-Mediator/INTER-Mediator/issues/772", - "refsource" : "CONFIRM", - "url" : "https://github.com/INTER-Mediator/INTER-Mediator/issues/772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. 
The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the \"INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/INTER-Mediator/INTER-Mediator/issues/772", + "refsource": "CONFIRM", + "url": "https://github.com/INTER-Mediator/INTER-Mediator/issues/772" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6712.json b/2017/6xxx/CVE-2017-6712.json index 174684b3eb4..b62e0e27f17 100644 --- a/2017/6xxx/CVE-2017-6712.json +++ b/2017/6xxx/CVE-2017-6712.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Elastic Services Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Elastic Services Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a \"tomcat\" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Elastic Services Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Elastic Services Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc1" - }, - { - "name" : "99461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a \"tomcat\" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76634." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc1" + }, + { + "name": "99461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99461" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6725.json b/2017/6xxx/CVE-2017-6725.json index 672aeb5229a..76c8f874395 100644 --- a/2017/6xxx/CVE-2017-6725.json +++ b/2017/6xxx/CVE-2017-6725.json 
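Review bot: The `affects` block on the new side of CVE-2017-6712 has `"vendor_name": "n/a"` and a `version_value` that only repeats the product name, although the ASSIGNER is psirt@cisco.com and the description names the fixed releases (2.3.1.434 and 2.3.2). Automated matching on vendor or version will therefore never hit this record; the CVE-2017-6725 hunk that follows has the same pattern (its description says "Known Affected Releases: 2.2(2)"), and the CVE-2017-6891 hunk puts a sentence in `version_value` and a `vendor_name` that matches the assigning CNA rather than the product it names, GnuTLS libtasn1. I would set `"vendor_name": "Cisco"` here and move the release numbers from the description into `version_data`; until then, triage for these IDs has to rely on the description text.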
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Infrastructure", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Infrastructure" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Infrastructure", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Infrastructure" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1" - }, - { - "name" : "99202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99202" - }, - { - "name" : "1038751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038751" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.2(2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038751" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1" + }, + { + "name": "99202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99202" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6891.json b/2017/6xxx/CVE-2017-6891.json index 2fb48eda3f3..ceae5021f58 100644 --- a/2017/6xxx/CVE-2017-6891.json +++ b/2017/6xxx/CVE-2017-6891.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2017-6891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GnuTLS libtasn1", - "version" : { - "version_data" : [ - { - "version_value" : "4.10. Other versions may also be affected." - } - ] - } - } - ] - }, - "vendor_name" : "Flexera Software LLC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow leading to system compromise" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2017-6891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GnuTLS libtasn1", + "version": { + "version_data": [ + { + "version_value": "4.10. Other versions may also be affected." 
+ } + ] + } + } + ] + }, + "vendor_name": "Flexera Software LLC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/advisories/76125/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/76125/" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" - }, - { - "name" : "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484" - }, - { - "name" : "DSA-3861", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3861" - }, - { - "name" : "GLSA-201710-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-11" - }, - { - "name" : "98641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98641" - }, - { - "name" : "1038619", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Two errors in the \"asn1_find_node()\" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow leading to system compromise" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201710-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-11" + }, + { + "name": "DSA-3861", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3861" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/advisories/76125/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/76125/" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/" + }, + { + "name": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484" + }, + { + "name": "98641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98641" + }, + { + "name": "1038619", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038619" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7177.json b/2017/7xxx/CVE-2017-7177.json index a30bad5ad43..a87c5e6f8ec 100644 --- a/2017/7xxx/CVE-2017-7177.json +++ b/2017/7xxx/CVE-2017-7177.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181204 [SECURITY] [DLA 1603-1] suricata security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html" - }, - { - "name" : "https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8", - "refsource" : "CONFIRM", - "url" : "https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8" - }, - { - "name" : "https://redmine.openinfosecfoundation.org/issues/2019", - "refsource" : "CONFIRM", - "url" : "https://redmine.openinfosecfoundation.org/issues/2019" - }, - { - "name" : "97047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181204 [SECURITY] [DLA 1603-1] suricata security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html" + }, + { + "name": "https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8", + "refsource": "CONFIRM", + "url": "https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8" + }, + { + "name": "https://redmine.openinfosecfoundation.org/issues/2019", + "refsource": "CONFIRM", + "url": "https://redmine.openinfosecfoundation.org/issues/2019" + }, + { + "name": "97047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97047" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7802.json b/2017/7xxx/CVE-2017-7802.json index 4a7f4b6d026..7ef63b9ec92 100644 --- a/2017/7xxx/CVE-2017-7802.json +++ b/2017/7xxx/CVE-2017-7802.json 
@@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "55" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free resizing image elements" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "55" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1378147", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1378147" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-19/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-20/" - }, - { - "name" : "DSA-3928", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3928" - }, - { - "name" : "DSA-3968", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3968" - }, - { - "name" : "GLSA-201803-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201803-14" - }, - { - "name" : "RHSA-2017:2456", - "refsource" : "REDHAT", - "url" 
: "https://access.redhat.com/errata/RHSA-2017:2456" - }, - { - "name" : "RHSA-2017:2534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2534" - }, - { - "name" : "100202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100202" - }, - { - "name" : "1039124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free resizing image elements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-19/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1378147", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1378147" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-20/" + }, + { + "name": "DSA-3968", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3968" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-18/" + }, + { + "name": "RHSA-2017:2456", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2017:2456" + }, + { + "name": "RHSA-2017:2534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2534" + }, + { + "name": "100202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100202" + }, + { + "name": "1039124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039124" + }, + { + "name": "GLSA-201803-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201803-14" + }, + { + "name": "DSA-3928", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3928" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7956.json b/2017/7xxx/CVE-2017-7956.json index b52de86d561..7d63ed0bc82 100644 --- a/2017/7xxx/CVE-2017-7956.json +++ b/2017/7xxx/CVE-2017-7956.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7956", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7956", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7977.json b/2017/7xxx/CVE-2017-7977.json index d0d79526867..8b362346a7c 100644 
--- a/2017/7xxx/CVE-2017-7977.json +++ b/2017/7xxx/CVE-2017-7977.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.myelux.com/cvesingle.htm?cve_id=CVE-2017-7977", - "refsource" : "CONFIRM", - "url" : "https://www.myelux.com/cvesingle.htm?cve_id=CVE-2017-7977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.myelux.com/cvesingle.htm?cve_id=CVE-2017-7977", + "refsource": "CONFIRM", + "url": "https://www.myelux.com/cvesingle.htm?cve_id=CVE-2017-7977" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8250.json b/2017/8xxx/CVE-2017-8250.json index e27f6dc5723..62ac8f5a55c 100644 --- a/2017/8xxx/CVE-2017-8250.json +++ b/2017/8xxx/CVE-2017-8250.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables \"nr_cmds\" and \"nr_bos\" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables \"nr_cmds\" and \"nr_bos\" number are passed across 
functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8903.json b/2017/8xxx/CVE-2017-8903.json index c586b7fa400..c6511094ced 100644 --- a/2017/8xxx/CVE-2017-8903.json +++ b/2017/8xxx/CVE-2017-8903.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/", - "refsource" : "CONFIRM", - "url" : "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-213.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-213.html" - }, - { - "name" : "GLSA-201705-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-11" - }, - { - "name" : "98426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98426" - }, - { - "name" : "1038386", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038386" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201705-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-11" + }, + { + "name": "1038386", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038386" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-213.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-213.html" + }, + { + "name": "98426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98426" + }, + { + "name": "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/", + "refsource": "CONFIRM", + "url": "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10104.json b/2018/10xxx/CVE-2018-10104.json index bef93529610..4c61fa720e0 100644 --- a/2018/10xxx/CVE-2018-10104.json +++ b/2018/10xxx/CVE-2018-10104.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10301.json b/2018/10xxx/CVE-2018-10301.json index 0be3ed0f8a6..1e4a42782e1 100644 --- a/2018/10xxx/CVE-2018-10301.json +++ b/2018/10xxx/CVE-2018-10301.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271", - "refsource" : "MISC", - "url" : "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram Feed WD plugin before 1.3.1 Premium for WordPress allows remote attackers to inject arbitrary web script or HTML by passing payloads in a comment on an Instagram post." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271", + "refsource": "MISC", + "url": "https://medium.com/@squeal/wd-instagram-feed-1-3-0-xss-vulnerabilities-cve-2018-10300-and-cve-2018-10301-7173ffc4c271" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10373.json b/2018/10xxx/CVE-2018-10373.json index 5200e543da9..c7cde071566 100644 --- a/2018/10xxx/CVE-2018-10373.json +++ b/2018/10xxx/CVE-2018-10373.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23065", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23065" - }, - { - "name" : "RHSA-2018:3032", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3032" - }, - { - "name" : "104000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as 
distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23065", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23065" + }, + { + "name": "RHSA-2018:3032", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3032" + }, + { + "name": "104000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104000" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13564.json b/2018/13xxx/CVE-2018-13564.json index 7beba6ab849..3fe69f27cd5 100644 --- a/2018/13xxx/CVE-2018-13564.json +++ b/2018/13xxx/CVE-2018-13564.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GATcoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GATcoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for GATcoin, an Ethereum token, has an integer 
overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GATcoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GATcoin" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17510.json b/2018/17xxx/CVE-2018-17510.json index ddc0065ac7f..3474e94d919 100644 --- a/2018/17xxx/CVE-2018-17510.json +++ b/2018/17xxx/CVE-2018-17510.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17510", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17510", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17704.json b/2018/17xxx/CVE-2018-17704.json index f087f9c4bcc..d202a41e105 100644 --- a/2018/17xxx/CVE-2018-17704.json +++ b/2018/17xxx/CVE-2018-17704.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the textColor property of RadioButton objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7254." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1208/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1208/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the textColor property of RadioButton objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7254." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1208/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1208/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17714.json b/2018/17xxx/CVE-2018-17714.json index 9f684a6f9ff..888ad5b110d 100644 --- a/2018/17xxx/CVE-2018-17714.json +++ b/2018/17xxx/CVE-2018-17714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17714", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17714", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20250.json b/2018/20xxx/CVE-2018-20250.json index 441b14825f8..632aedbc477 100644 --- a/2018/20xxx/CVE-2018-20250.json 
+++ b/2018/20xxx/CVE-2018-20250.json 
@@ -1,78 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2019-02-05T00:00:00", - "ID" : "CVE-2018-20250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WinRAR", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior and including 5.61" - } - ] - } - } - ] - }, - "vendor_name" : "Check Point Software Technologies Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-36: Absolute Path Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2019-02-05T00:00:00", + "ID": "CVE-2018-20250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WinRAR", + "version": { + "version_data": [ + { + "version_value": "All versions prior and including 5.61" + } + ] + } + } + ] + }, + "vendor_name": "Check Point Software Technologies Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.win-rar.com/whatsnew.html", - "refsource" : "MISC", - "url" : "https://www.win-rar.com/whatsnew.html" - }, - { - "name" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/", - "refsource" : "MISC", - "url" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/" - }, - { - "name" : "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", - "refsource" : "MISC", - "url" : "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE" - }, - { - "name" : "106948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-36: Absolute Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE", + "refsource": "MISC", + "url": "https://github.com/blau72/CVE-2018-20250-WinRAR-ACE" + }, + { + "name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/", + "refsource": "MISC", + "url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46552", + "url": "https://www.exploit-db.com/exploits/46552/" + }, + { + "name": "106948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106948" + }, + { + "name": "https://www.win-rar.com/whatsnew.html", + "refsource": "MISC", + "url": "https://www.win-rar.com/whatsnew.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20306.json b/2018/20xxx/CVE-2018-20306.json index eebd7999c3b..a8afa906abb 100644 --- a/2018/20xxx/CVE-2018-20306.json +++ b/2018/20xxx/CVE-2018-20306.json 
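Review bot: `"vendor_name": "Check Point Software Technologies Ltd."` in the affects block appears to name the organisation behind the ASSIGNER address (`cve@checkpoint.com`) rather than the publisher of the `WinRAR` product listed under it. Tooling that matches inventory on vendor/product pairs will therefore not tie this record to WinRAR installs. The field should carry the product's publisher, e.g. `"vendor_name": "<WinRAR publisher name>"`. Separately, the newly added EXPLOIT-DB reference orders its keys `refsource`, `name`, `url`, while every other entry in the array uses `name`, `refsource`, `url`. Parsers do not care, but aligning the order keeps later synchronisation diffs limited to real changes.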
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", - "refsource" : "MISC", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a 
crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", + "refsource": "MISC", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20332.json b/2018/20xxx/CVE-2018-20332.json index ae6750e1339..af5ce4a8e3c 100644 --- a/2018/20xxx/CVE-2018-20332.json +++ b/2018/20xxx/CVE-2018-20332.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://danieltindall.me/openwebif-vulnerabilities", - "refsource" : "MISC", - "url" : "https://danieltindall.me/openwebif-vulnerabilities" - }, - { - "name" : "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013", - "refsource" : "MISC", - "url" : "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full pathname. This is related to plugin/controllers/file.py in the e2openplugin-OpenWebif project." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://danieltindall.me/openwebif-vulnerabilities", + "refsource": "MISC", + "url": "https://danieltindall.me/openwebif-vulnerabilities" + }, + { + "name": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013", + "refsource": "MISC", + "url": "https://github.com/E2OpenPlugins/e2openplugin-OpenWebif/commit/a846b7664eda3a4c51a452e00638cf7337dc2013" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20623.json b/2018/20xxx/CVE-2018-20623.json index ce8a93afde3..34ae4c7630c 100644 --- a/2018/20xxx/CVE-2018-20623.json +++ b/2018/20xxx/CVE-2018-20623.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24049", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24049" - }, - { - "name" : "106370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106370" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24049", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24049" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9132.json b/2018/9xxx/CVE-2018-9132.json index f841b0c4914..4ec5ed92c6a 100644 --- a/2018/9xxx/CVE-2018-9132.json +++ b/2018/9xxx/CVE-2018-9132.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180526 [SECURITY] [DLA 1386-1] ming security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00017.html" - }, - { - "name" : "https://github.com/libming/libming/issues/133", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/133", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/133" + }, + { + "name": "[debian-lts-announce] 20180526 [SECURITY] [DLA 1386-1] ming security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9382.json b/2018/9xxx/CVE-2018-9382.json index b360603b048..ef16541e0ae 100644 --- a/2018/9xxx/CVE-2018-9382.json +++ b/2018/9xxx/CVE-2018-9382.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9382", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9382", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9583.json b/2018/9xxx/CVE-2018-9583.json index f35bb730c57..86554cb14a1 100644 --- a/2018/9xxx/CVE-2018-9583.json +++ b/2018/9xxx/CVE-2018-9583.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2019-01-01T00:00:00", - "ID" : "CVE-2018-9583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Android" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2019-01-01T00:00:00", + "ID": "CVE-2018-9583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Android" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2019-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2019-01-01.html" - }, - { - "name" : "106495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106495" + }, + { + "name": "https://source.android.com/security/bulletin/2019-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2019-01-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9985.json b/2018/9xxx/CVE-2018-9985.json index 53fabb2a375..315a1506ec9 100644 --- a/2018/9xxx/CVE-2018-9985.json +++ b/2018/9xxx/CVE-2018-9985.json 
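Review bot: The single `version_value` string in the affects block packs six affected Android releases into one space-separated value, so a consumer comparing it against an installed version matches none of them. One `version_data` entry per release, as sketched below, would make the record machine-matchable. The problemtype value `Remote code execution` describes impact rather than a weakness class, although the description itself says out-of-bounds write from a missing bounds check, which corresponds to CWE-787. The `ASSIGNER` change to `security@android.com` is the only semantic change in this hunk and is easy to miss among the whitespace rewrites.

```json
"version_data": [
    { "version_value": "Android-7.0" },
    { "version_value": "Android-7.1.1" },
    { "version_value": "Android-7.1.2" },
    { "version_value": "Android-8.0" },
    { "version_value": "Android-8.1" },
    { "version_value": "Android-9" }
]
```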
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/learnsec6/test/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/learnsec6/test/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/learnsec6/test/issues/1", + "refsource": "MISC", + "url": "https://github.com/learnsec6/test/issues/1" + } + ] + } +} \ No newline at end of file