diff --git a/2003/0xxx/CVE-2003-0004.json b/2003/0xxx/CVE-2003-0004.json index e1640fd9b03..5bbc568ea78 100644 --- a/2003/0xxx/CVE-2003-0004.json +++ b/2003/0xxx/CVE-2003-0004.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104878038418534&w=2" - }, - { - "name" : "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html" - }, - { - "name" : "MS03-005", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-005" - }, - { - "name" : "6778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6778" - }, - { - "name" : "winxp-windows-redirector-bo(11260)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11260.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html" + }, + { + "name": "6778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6778" + }, + { + "name": "MS03-005", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-005" + }, + { + "name": "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104878038418534&w=2" + }, + { + "name": "winxp-windows-redirector-bo(11260)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11260.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0033.json b/2003/0xxx/CVE-2003-0033.json index 1ea22d561aa..4e9a05672bc 100644 --- a/2003/0xxx/CVE-2003-0033.json +++ b/2003/0xxx/CVE-2003-0033.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030303 Snort RPC Preprocessing Vulnerability", - "refsource" : "ISS", - "url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951" - }, - { - "name" : "20030303 Snort RPC Vulnerability (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104673386226064&w=2" - }, - { - "name" : "DSA-297", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-297" - }, - { - "name" : "ESA-20030307-007", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html" - }, - { - "name" : "GLSA-200304-06", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=105154530427824&w=2" - }, - { - "name" : "GLSA-200303-6.1", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=104716001503409&w=2" - }, - { - "name" : "MDKSA-2003:029", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029" - }, - { - "name" : "CA-2003-13", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-13.html" - }, - { - "name" : "VU#916785", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/916785" - }, - { - "name" : "6963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6963" - }, - { - "name" : "snort-rpc-fragment-bo(10956)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10956.php" - }, - { - "name" : "4418", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2003-13", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-13.html" + }, + { + "name": "DSA-297", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-297" + }, + { + "name": "VU#916785", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/916785" + }, + { + "name": "ESA-20030307-007", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html" + }, + { + "name": "MDKSA-2003:029", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029" + }, + { + "name": "20030303 Snort RPC Preprocessing Vulnerability", + "refsource": "ISS", + "url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951" + }, + { + "name": "snort-rpc-fragment-bo(10956)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10956.php" + }, + { + "name": "GLSA-200304-06", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=105154530427824&w=2" + }, + { + "name": "GLSA-200303-6.1", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=104716001503409&w=2" + }, + { + "name": "4418", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4418" + }, + { + "name": "6963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6963" + }, + { + "name": "20030303 Snort RPC Vulnerability (fwd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104673386226064&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0054.json b/2003/0xxx/CVE-2003-0054.json index ef03e8b6080..86ab7d14ced 100644 --- a/2003/0xxx/CVE-2003-0054.json +++ b/2003/0xxx/CVE-2003-0054.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2" - }, - { - "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt" - }, - { - "name" : "6960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6960" - }, - { - "name" : "quicktime-darwin-describe-xss(11405)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11405.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt" + }, + { + "name": "quicktime-darwin-describe-xss(11405)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11405.php" + }, + { + "name": "6960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6960" + }, + { + "name": "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104618904330226&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0488.json b/2003/0xxx/CVE-2003-0488.json index fc7b856f6d6..4e56fad1b31 100644 --- a/2003/0xxx/CVE-2003-0488.json +++ b/2003/0xxx/CVE-2003-0488.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030618 Multiple buffer overflows and XSS in Kerio MailServer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105596982503760&w=2" - }, - { - "name" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm", - "refsource" : "MISC", - "url" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm" - }, - { - "name" : "7966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7966" - }, - { - "name" : "7968", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7968" - }, - { - "name" : "kerio-multiple-modules-xss(12367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7968", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7968" + }, + { + "name": "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm", + "refsource": "MISC", + "url": "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm" + }, + { + "name": "7966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7966" + }, + { + "name": "20030618 Multiple buffer overflows and XSS in Kerio MailServer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105596982503760&w=2" + }, + { + "name": "kerio-multiple-modules-xss(12367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12367" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0684.json b/2003/0xxx/CVE-2003-0684.json index bd638c6f1ec..c6b4f96daac 100644 --- a/2003/0xxx/CVE-2003-0684.json +++ b/2003/0xxx/CVE-2003-0684.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0684", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0684", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1559.json b/2003/1xxx/CVE-2003-1559.json index 91c1a700d73..a7f62b80f0e 100644 --- a/2003/1xxx/CVE-2003-1559.json +++ b/2003/1xxx/CVE-2003-1559.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348360" - }, - { - "name" : "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348574" - }, - { - "name" : "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html", - "refsource" : "MISC", - "url" : "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html" - }, - { - "name" : "9295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9295" - }, - { - "name" : "3989", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3989" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348574" + }, + { + "name": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html", + "refsource": "MISC", + "url": "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html" + }, + { + "name": "9295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9295" + }, + { + "name": "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348360" + }, + { + "name": "3989", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3989" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1565.json b/2003/1xxx/CVE-2003-1565.json index 30b952f80e7..b3a88a312e5 100644 --- a/2003/1xxx/CVE-2003-1565.json +++ b/2003/1xxx/CVE-2003-1565.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1565", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1565. Reason: This candidate is a duplicate of CVE-2002-1565. Notes: All CVE users should reference CVE-2002-1565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-1565", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1565. Reason: This candidate is a duplicate of CVE-2002-1565. Notes: All CVE users should reference CVE-2002-1565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0323.json b/2004/0xxx/CVE-2004-0323.json index eff2a5b0f6d..10cbc068131 100644 --- a/2004/0xxx/CVE-2004-0323.json +++ b/2004/0xxx/CVE-2004-0323.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107756526625179&w=2" - }, - { - "name" : "20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html" - }, - { - "name" : "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html" - }, - { - "name" : "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859", - "refsource" : "CONFIRM", - "url" : "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859" - }, - { - "name" : "9726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9726" - }, - { - "name" : "xmb-multiple-sql-injection(15295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.php, (3) tpp parameter in forumdisplay.php, (4) ascdesc parameter in forumdisplay.php, or (5) the addon parameter in stats.php. NOTE: it has also been shown that item (3) is also in XMB 1.9 beta." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9726" + }, + { + "name": "20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0645.html" + }, + { + "name": "xmb-multiple-sql-injection(15295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15295" + }, + { + "name": "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859", + "refsource": "CONFIRM", + "url": "http://www.xmbforum.com/community/boards/viewthread.php?tid=746859" + }, + { + "name": "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2" + }, + { + "name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0629.json b/2004/0xxx/CVE-2004-0629.json index 73be6a6dbfc..0095670e254 100644 --- a/2004/0xxx/CVE-2004-0629.json +++ b/2004/0xxx/CVE-2004-0629.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040813 Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=126&type=vulnerabilities" - }, - { - "name" : "http://www.adobe.com/support/techdocs/330527.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/330527.html" - }, - { - "name" : "GLSA-200408-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-14.xml" - }, - { - "name" : "10947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10947" - }, - { - "name" : "acrobat-reader-activex-bo(16998)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040813 Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=126&type=vulnerabilities" + }, + { + "name": "10947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10947" + }, + { + "name": "acrobat-reader-activex-bo(16998)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16998" + }, + { + "name": "GLSA-200408-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-14.xml" + }, + { + "name": "http://www.adobe.com/support/techdocs/330527.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/330527.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0805.json b/2004/0xxx/CVE-2004-0805.json index 42f0d6c4460..1921cd63408 100644 --- a/2004/0xxx/CVE-2004-0805.json +++ b/2004/0xxx/CVE-2004-0805.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040916 mpg123 buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/374433" - }, - { - "name" : "20040907 mpg123 buffer overflow vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.html" - }, - { - "name" : "http://www.alighieri.org/advisories/advisory-mpg123.txt", - "refsource" : "MISC", - "url" : "http://www.alighieri.org/advisories/advisory-mpg123.txt" - }, - { - "name" : "DSA-564", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-564" - }, - { - "name" : "GLSA-200409-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-20.xml" - }, - { - "name" : "MDKSA-2004:100", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:100" - }, - { - "name" : "11121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11121" - }, - { - "name" : "mpg123-layer2c-bo(17287)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040916 mpg123 buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/374433" + }, + { + "name": "11121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11121" + }, + { + "name": "MDKSA-2004:100", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:100" + }, + { + "name": "20040907 mpg123 buffer overflow vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026151.html" + }, + { + "name": "DSA-564", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-564" + }, + { + "name": "GLSA-200409-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-20.xml" + }, + { + "name": "mpg123-layer2c-bo(17287)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17287" + }, + { + "name": "http://www.alighieri.org/advisories/advisory-mpg123.txt", + "refsource": "MISC", + "url": "http://www.alighieri.org/advisories/advisory-mpg123.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2044.json b/2004/2xxx/CVE-2004-2044.json index 469894a5caa..a3f2ad1b70b 100644 --- a/2004/2xxx/CVE-2004-2044.json +++ b/2004/2xxx/CVE-2004-2044.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the \"admin.php\" string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040601 [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108611643614881&w=2" - }, - { - "name" : "20040601 [Squid 2004-OSC2Nuke-001] Inadequate Security Checking in OSC2Nuke", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0006.html" - }, - { - "name" : "20040606 Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108662955105757&w=2" - }, - { - "name" : "20040601 [Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108611606320559&w=2" - }, - { - "name" : "20040601 [Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops betaNC Bundle", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0005.html" - }, - { - "name" : "10447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10447" - }, - { - "name" : "6593", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6593" - }, - { - "name" : "11766", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11766" - }, - { - "name" : "osc2nuke-eregi-path-disclosure(16296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16296" - }, - { - "name" : "oscnukelite-eregi-path-disclosure(16297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16297" - }, - { - "name" : "phpnuke-eregi-path-disclosure(16294)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16294" - }, - { - "name" : "nukecops-ergei-path-disclosure(16298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the \"admin.php\" string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040601 [Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops betaNC Bundle", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0005.html" + }, + { + "name": "nukecops-ergei-path-disclosure(16298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16298" + }, + { + "name": "20040601 [Squid 2004-OSC2Nuke-001] Inadequate Security Checking in OSC2Nuke", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0006.html" + }, + { + "name": "phpnuke-eregi-path-disclosure(16294)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16294" + }, + { + "name": "oscnukelite-eregi-path-disclosure(16297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16297" + }, + { + "name": "6593", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6593" + }, + { + "name": "20040606 Re: [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108662955105757&w=2" + }, + { + "name": "10447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10447" + }, + { + "name": "20040601 [Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108611606320559&w=2" + }, + { + "name": "osc2nuke-eregi-path-disclosure(16296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16296" + }, + { + "name": "11766", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11766" + }, + { + "name": "20040601 [Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108611643614881&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2214.json b/2004/2xxx/CVE-2004-2214.json index 2e1115bfbe3..01bf99f0763 100644 --- a/2004/2xxx/CVE-2004-2214.json +++ b/2004/2xxx/CVE-2004-2214.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html", - "refsource" : "CONFIRM", - "url" : "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html" - }, - { - "name" : "10673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10673" - }, - { - "name" : "7391", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7391" - }, - { - "name" : "12011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12011" - }, - { - "name" : "mbedthis-uri-gain-access(16638)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7391", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7391" + }, + { + "name": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html", + "refsource": "CONFIRM", + "url": "http://www.mbedthis.com/products/appWeb/doc/product/newFeatures.html" + }, + { + "name": "mbedthis-uri-gain-access(16638)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16638" + }, + { + "name": "12011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12011" + }, + { + "name": "10673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10673" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2237.json b/2004/2xxx/CVE-2004-2237.json index c5b264ba40d..95e3dd17f70 100644 --- a/2004/2xxx/CVE-2004-2237.json +++ b/2004/2xxx/CVE-2004-2237.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to \"strings in Moodle texts.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moodle.org/doc/?file=releaseold.html", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/doc/?file=releaseold.html" - }, - { - "name" : "8522", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8522" - }, - { - "name" : "12262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to \"strings in Moodle texts.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/doc/?file=releaseold.html", + "refsource": "CONFIRM", + "url": "http://moodle.org/doc/?file=releaseold.html" + }, + { + "name": "8522", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8522" + }, + { + "name": "12262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12262" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2288.json b/2004/2xxx/CVE-2004-2288.json index 185b2a83290..1ee9462809d 100644 --- a/2004/2xxx/CVE-2004-2288.json +++ b/2004/2xxx/CVE-2004-2288.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html", - "refsource" : "MISC", - "url" : "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html" - }, - { - "name" : "10362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10362" + }, + { + "name": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html", + "refsource": "MISC", + "url": "http://www.infosecurity.org.cn/article/hacker/exploit/16557.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2183.json b/2008/2xxx/CVE-2008-2183.json index 7902c76a090..71a4f1f938d 100644 --- a/2008/2xxx/CVE-2008-2183.json +++ b/2008/2xxx/CVE-2008-2183.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5535", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5535" - }, - { - "name" : "29033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29033" - }, - { - "name" : "30057", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30057" - }, - { - "name" : "smartblog-index-logon-sql-injection(42190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30057", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30057" + }, + { + "name": "29033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29033" + }, + { + "name": "5535", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5535" + }, + { + "name": "smartblog-index-logon-sql-injection(42190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42190" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2819.json b/2008/2xxx/CVE-2008-2819.json index 8f76434e402..a152fe76794 100644 --- a/2008/2xxx/CVE-2008-2819.json +++ b/2008/2xxx/CVE-2008-2819.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blogn.org/index.php?e=170", - "refsource" : "CONFIRM", - "url" : "http://www.blogn.org/index.php?e=170" - }, - { - "name" : "JVN#14072646", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN14072646/index.html" - }, - { - "name" : "29764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29764" - }, - { - "name" : "30642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30642" - }, - { - "name" : "blognplus-unspecified-sql-injection(43136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30642" + }, + { + "name": "JVN#14072646", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN14072646/index.html" + }, + { + "name": "blognplus-unspecified-sql-injection(43136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43136" + }, + { + "name": "29764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29764" + }, + { + "name": "http://www.blogn.org/index.php?e=170", + "refsource": "CONFIRM", + "url": "http://www.blogn.org/index.php?e=170" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2986.json b/2008/2xxx/CVE-2008-2986.json index 63bbcf12cb1..16b29ccbfd5 100644 --- a/2008/2xxx/CVE-2008-2986.json +++ b/2008/2xxx/CVE-2008-2986.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5897", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5897" - }, - { - "name" : "29880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29880" - }, - { - "name" : "phpdmca-ourlinuxrootpath-file-include(43253)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5897", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5897" + }, + { + "name": "29880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29880" + }, + { + "name": "phpdmca-ourlinuxrootpath-file-include(43253)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43253" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0441.json b/2012/0xxx/CVE-2012-0441.json index d090041a8a6..78d6b4dfead 100644 --- a/2012/0xxx/CVE-2012-0441.json +++ b/2012/0xxx/CVE-2012-0441.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715073", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715073" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" - }, - { - "name" : "DSA-2490", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2490" - }, - { - "name" : "MDVSA-2012:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088" - }, - { - "name" : "SUSE-SU-2012:0746", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" - }, - { - "name" : "openSUSE-SU-2012:0760", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html" - }, - { - "name" : "USN-1540-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1540-1" - }, - { - "name" : "USN-1540-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1540-2" - }, - { - "name" : "53798", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53798" - }, - { - "name" : "oval:org.mitre.oval:def:16701", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701" - }, - { - "name" : "50316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50316" - }, - { - "name" : "49976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-39.html" + }, + { + "name": "49976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49976" + }, + { + "name": "USN-1540-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1540-2" + }, + { + "name": "MDVSA-2012:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088" + }, + { + "name": "oval:org.mitre.oval:def:16701", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715073" + }, + { + "name": "53798", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53798" + }, + { + "name": "DSA-2490", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2490" + }, + { + "name": "SUSE-SU-2012:0746", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" + }, + { + "name": "openSUSE-SU-2012:0760", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html" + }, + { + "name": "50316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50316" + }, + { + "name": "USN-1540-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1540-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0830.json b/2012/0xxx/CVE-2012-0830.json index 433f86a97c1..2f2c07fa85c 100644 --- a/2012/0xxx/CVE-2012-0830.json +++ b/2012/0xxx/CVE-2012-0830.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120202 PHP remote code execution introduced via HashDoS fix", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/02/02/12" - }, - { - "name" : "[oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/02/03/1" - }, - { - "name" : "http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/", - "refsource" : "MISC", - "url" : "http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/" - }, - { - "name" : "http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html", - "refsource" : "MISC", - "url" : "http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html" - }, - { - "name" : "https://gist.github.com/1725489", - "refsource" : "MISC", - "url" : "https://gist.github.com/1725489" - }, - { - "name" : "http://svn.php.net/viewvc?view=revision&revision=323007", - "refsource" : "CONFIRM", - "url" : "http://svn.php.net/viewvc?view=revision&revision=323007" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php#5.3.10", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php#5.3.10" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "DSA-2403", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2403" - }, - { - "name" : "HPSBMU02786", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "SSRT100877", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" - }, - { - "name" : "HPSBUX02791", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134012830914727&w=2" - }, - { - "name" : "SSRT100856", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134012830914727&w=2" - }, - { - "name" : "RHSA-2012:0092", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0092.html" - }, - { - "name" : "openSUSE-SU-2012:0426", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0411", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html" - }, - { - "name" : "51830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51830" - }, - { - "name" : "78819", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78819" - }, - { - "name" : "1026631", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026631" - }, - { - "name" : "47806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47806" - }, - { - "name" : "47801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47801" - }, - { - "name" : "47813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47813" - }, - { - "name" : "48668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48668" - }, - { - "name" : "php-phpregistervariableex-code-exec(72911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100856", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2" + }, + { + "name": "http://svn.php.net/viewvc?view=revision&revision=323007", + "refsource": "CONFIRM", + "url": "http://svn.php.net/viewvc?view=revision&revision=323007" + }, + { + "name": "HPSBMU02786", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/", + "refsource": "MISC", + "url": "http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/" + }, + { + "name": "51830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51830" + }, + { + "name": "RHSA-2012:0092", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0092.html" + }, + { + "name": "SUSE-SU-2012:0411", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html" + }, + { + "name": "78819", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78819" + }, + { + "name": "47806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47806" + }, + { + "name": "openSUSE-SU-2012:0426", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html" + }, + { + "name": "DSA-2403", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2403" + }, + { + "name": "php-phpregistervariableex-code-exec(72911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72911" + }, + { + "name": "48668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48668" + }, + { + "name": "http://www.php.net/ChangeLog-5.php#5.3.10", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php#5.3.10" + }, + { + "name": "47801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47801" + }, + { + "name": "[oss-security] 20120202 PHP remote code execution introduced via HashDoS fix", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/02/02/12" + }, + { + "name": "[oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/02/03/1" + }, + { + "name": "SSRT100877", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041" + }, + { + "name": "1026631", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026631" + }, + { + "name": "HPSBUX02791", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2" + }, + { + "name": "http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html", + "refsource": "MISC", + "url": "http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "https://gist.github.com/1725489", + "refsource": "MISC", + "url": "https://gist.github.com/1725489" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "47813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47813" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1124.json b/2012/1xxx/CVE-2012-1124.json index ff6f6ce55af..129d9f40c49 100644 --- a/2012/1xxx/CVE-2012-1124.json +++ b/2012/1xxx/CVE-2012-1124.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1124", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1124", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1258.json b/2012/1xxx/CVE-2012-1258.json index dd588aeff33..c35e0aaaa20 100644 --- a/2012/1xxx/CVE-2012-1258.json +++ b/2012/1xxx/CVE-2012-1258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1258", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1258", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1392.json b/2012/1xxx/CVE-2012-1392.json index 777ed9b71c9..091a2beb5b1 100644 --- a/2012/1xxx/CVE-2012-1392.json +++ b/2012/1xxx/CVE-2012-1392.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1392-vulnerability-in-DolphinBrowserHD.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1392-vulnerability-in-DolphinBrowserHD.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1392-vulnerability-in-DolphinBrowserHD.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1392-vulnerability-in-DolphinBrowserHD.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1705.json b/2012/1xxx/CVE-2012-1705.json index 9a5bb48b6f8..ba0894bd7b7 100644 --- a/2012/1xxx/CVE-2012-1705.json +++ b/2012/1xxx/CVE-2012-1705.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2013:0219", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0219.html" - }, - { - "name" : "USN-1703-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1703-1" - }, - { - "name" : "oval:org.mitre.oval:def:17268", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1703-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1703-1" + }, + { + "name": "oval:org.mitre.oval:def:17268", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "RHSA-2013:0219", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0219.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1771.json b/2012/1xxx/CVE-2012-1771.json index a5c887406f5..a1bdd0c9521 100644 --- a/2012/1xxx/CVE-2012-1771.json +++ b/2012/1xxx/CVE-2012-1771.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" - }, - { - "name" : "http://technet.microsoft.com/security/advisory/2737111", - "refsource" : "CONFIRM", - "url" : "http://technet.microsoft.com/security/advisory/2737111" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MS12-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" - }, - { - "name" : "MS12-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" - }, - { - "name" : "VU#118913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/118913" - }, - { - "name" : "54543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54543" - }, - { - "name" : "oval:org.mitre.oval:def:15668", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15668" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "outsideintechnology-out-dos(77004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "VU#118913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/118913" + }, + { + "name": "MS12-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "oval:org.mitre.oval:def:15668", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15668" + }, + { + "name": "54543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54543" + }, + { + "name": "MS12-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "http://technet.microsoft.com/security/advisory/2737111", + "refsource": "CONFIRM", + "url": "http://technet.microsoft.com/security/advisory/2737111" + }, + { + "name": "outsideintechnology-out-dos(77004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77004" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5145.json b/2012/5xxx/CVE-2012-5145.json index 812febeebd0..e87bc05b20c 100644 --- a/2012/5xxx/CVE-2012-5145.json +++ b/2012/5xxx/CVE-2012-5145.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5145", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=162494", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=162494" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:16207", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=162494", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=162494" + }, + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "oval:org.mitre.oval:def:16207", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16207" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5650.json b/2012/5xxx/CVE-2012-5650.json index aece3a1c949..d603afed770 100644 --- a/2012/5xxx/CVE-2012-5650.json +++ b/2012/5xxx/CVE-2012-5650.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html" - }, - { - "name" : "[couchdb-user] 20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F@apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[couchdb-user] 20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F@apache.org%3E" + }, + { + "name": "20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5969.json b/2012/5xxx/CVE-2012-5969.json index 1d19a6a2941..e22581c1a69 100644 --- a/2012/5xxx/CVE-2012-5969.json +++ b/2012/5xxx/CVE-2012-5969.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-5969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm" - }, - { - "name" : "VU#871148", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/871148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities on the Huawei E585 device allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the PATH_INFO of an sdcard/ request or (2) modify arbitrary files via a .. (dot dot) in the req_page parameter to en/sms.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm" + }, + { + "name": "VU#871148", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/871148" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11887.json b/2017/11xxx/CVE-2017-11887.json index b170887c72e..aab17b7e5c0 100644 --- a/2017/11xxx/CVE-2017-11887.json +++ b/2017/11xxx/CVE-2017-11887.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11887", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11887" - }, - { - "name" : "102063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102063" - }, - { - "name" : "1039993", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102063" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11887", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11887" + }, + { + "name": "1039993", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039993" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3228.json b/2017/3xxx/CVE-2017-3228.json index 85bb3c293bd..b310f3c5859 100644 --- a/2017/3xxx/CVE-2017-3228.json +++ b/2017/3xxx/CVE-2017-3228.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3228", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3228", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3733.json b/2017/3xxx/CVE-2017-3733.json index 878384cf89e..0f42ce179db 100644 --- a/2017/3xxx/CVE-2017-3733.json +++ b/2017/3xxx/CVE-2017-3733.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2017-02-16", - "ID" : "CVE-2017-3733", - "STATE" : "PUBLIC", - "TITLE" : "Encrypt-Then-Mac renegotiation crash" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "openssl-1.1.0" - }, - { - "version_value" : "openssl-1.1.0a" - }, - { - "version_value" : "openssl-1.1.0b" - }, - { - "version_value" : "openssl-1.1.0c" - }, - { - "version_value" : "openssl-1.1.0d" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Joe Orton (Red Hat)" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected." - } - ] - }, - "impact" : [ - { - "lang" : "eng", - "url" : "https://www.openssl.org/policies/secpolicy.html#High", - "value" : "High" - } - ], - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "protocol error" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2017-02-16", + "ID": "CVE-2017-3733", + "STATE": "PUBLIC", + "TITLE": "Encrypt-Then-Mac renegotiation crash" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "openssl-1.1.0" + }, + { + "version_value": "openssl-1.1.0a" + }, + { + "version_value": "openssl-1.1.0b" + }, + { + "version_value": "openssl-1.1.0c" + }, + { + "version_value": "openssl-1.1.0d" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2", - "refsource" : "MISC", - "url" : "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2" - }, - { - "name" : "https://www.openssl.org/news/secadv/20170216.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20170216.txt" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "96269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96269" - }, - { - "name" : "1037846", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037846" - } - ] - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Joe Orton (Red Hat)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected." + } + ] + }, + "impact": [ + { + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#High", + "value": "High" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "protocol error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96269" + }, + { + "name": "https://www.openssl.org/news/secadv/20170216.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20170216.txt" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2", + "refsource": "MISC", + "url": "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2" + }, + { + "name": "1037846", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037846" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3893.json b/2017/3xxx/CVE-2017-3893.json index a89be130a84..47c2deeda98 100644 --- a/2017/3xxx/CVE-2017-3893.json +++ b/2017/3xxx/CVE-2017-3893.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@blackberry.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-3893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QNX Software Development Platform (QNX SDP)", - "version" : { - "version_data" : [ - { - "version_value" : "6.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "BlackBerry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Flawed vulnerability mitigation" - } + "CVE_data_meta": { + "ASSIGNER": "secure@blackberry.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-3893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QNX Software Development Platform (QNX SDP)", + "version": { + "version_data": [ + { + "version_value": "6.6.0" + } + ] + } + } + ] + }, + "vendor_name": "BlackBerry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Flawed vulnerability mitigation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7254.json b/2017/7xxx/CVE-2017-7254.json index 25b4751ff05..a61ff7521b2 100644 --- a/2017/7xxx/CVE-2017-7254.json +++ b/2017/7xxx/CVE-2017-7254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7254", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7254", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7326.json b/2017/7xxx/CVE-2017-7326.json index 12ed356b2fb..00a5280c234 100644 --- a/2017/7xxx/CVE-2017-7326.json +++ b/2017/7xxx/CVE-2017-7326.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "browser-security@yandex-team.ru", - "DATE_PUBLIC" : "2018-01-18T00:00:00", - "ID" : "CVE-2017-7326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Yandex Browser for Android", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 17.4.0.16." - } - ] - } - } - ] - }, - "vendor_name" : "Yandex N.V." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory corruption" - } + "CVE_data_meta": { + "ASSIGNER": "browser-security@yandex-team.ru", + "DATE_PUBLIC": "2018-01-18T00:00:00", + "ID": "CVE-2017-7326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yandex Browser for Android", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 17.4.0.16." + } + ] + } + } + ] + }, + "vendor_name": "Yandex N.V." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://browser.yandex.com/security/changelogs/fixed-in-version-17-4", - "refsource" : "CONFIRM", - "url" : "https://browser.yandex.com/security/changelogs/fixed-in-version-17-4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://browser.yandex.com/security/changelogs/fixed-in-version-17-4", + "refsource": "CONFIRM", + "url": "https://browser.yandex.com/security/changelogs/fixed-in-version-17-4" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7871.json b/2017/7xxx/CVE-2017-7871.json index 18b40fc35c7..c9286de3e14 100644 --- a/2017/7xxx/CVE-2017-7871.json +++ b/2017/7xxx/CVE-2017-7871.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/trollepierre/tdm/commit/2e89019d6a491f0a5ac3db8732181f6eb1d219aa", - "refsource" : "CONFIRM", - "url" : "https://github.com/trollepierre/tdm/commit/2e89019d6a491f0a5ac3db8732181f6eb1d219aa" - }, - { - "name" : "https://github.com/trollepierre/tdm/issues/50", - "refsource" : "CONFIRM", - "url" : "https://github.com/trollepierre/tdm/issues/50" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/trollepierre/tdm/commit/2e89019d6a491f0a5ac3db8732181f6eb1d219aa", + "refsource": "CONFIRM", + "url": "https://github.com/trollepierre/tdm/commit/2e89019d6a491f0a5ac3db8732181f6eb1d219aa" + }, + { + "name": "https://github.com/trollepierre/tdm/issues/50", + "refsource": "CONFIRM", + "url": "https://github.com/trollepierre/tdm/issues/50" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8238.json b/2017/8xxx/CVE-2017-8238.json index 8348b4625ad..597cbc2cd1a 100644 --- a/2017/8xxx/CVE-2017-8238.json +++ b/2017/8xxx/CVE-2017-8238.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8777.json b/2017/8xxx/CVE-2017-8777.json index f630c96ced7..6f8dfc4a58f 100644 --- a/2017/8xxx/CVE-2017-8777.json +++ b/2017/8xxx/CVE-2017-8777.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8777", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8777", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8959.json b/2017/8xxx/CVE-2017-8959.json index 2f47514efcd..1842f098dfd 100644 --- a/2017/8xxx/CVE-2017-8959.json +++ b/2017/8xxx/CVE-2017-8959.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-8959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MSA 1040 and 2040 SAN Storage", - "version" : { - "version_data" : [ - { - "version_value" : "GL220P008 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-8959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MSA 1040 and 2040 SAN Storage", + "version": { + "version_data": [ + { + "version_value": "GL220P008 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8988.json b/2017/8xxx/CVE-2017-8988.json index 6d16908cab1..f87a0790a7d 100644 --- a/2017/8xxx/CVE-2017-8988.json +++ b/2017/8xxx/CVE-2017-8988.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "ID" : "CVE-2017-8988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Command View Advanced Edition", - "version" : { - "version_data" : [ - { - "version_value" : "earlier than v8.5.3-00" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote bypass of security restrictions" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "ID": "CVE-2017-8988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Command View Advanced Edition", + "version": { + "version_data": [ + { + "version_value": "earlier than v8.5.3-00" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03822en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03822en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Bypass of Security Restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software Earlier than 8.5.3-00. The vulnerability impacts DevMgr Earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote bypass of security restrictions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03822en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03822en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10415.json b/2018/10xxx/CVE-2018-10415.json index 9d993240b4d..419d680798e 100644 --- a/2018/10xxx/CVE-2018-10415.json +++ b/2018/10xxx/CVE-2018-10415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10415", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10415", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10484.json b/2018/10xxx/CVE-2018-10484.json index 9115bbbf602..3fce8fb46ed 100644 --- a/2018/10xxx/CVE-2018-10484.json +++ b/2018/10xxx/CVE-2018-10484.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-10484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-665-Improper Initialization" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-10484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-394", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-394" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-665-Improper Initialization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-394", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-394" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10487.json b/2018/10xxx/CVE-2018-10487.json index 00e0a9edbe4..ea71e33269b 100644 --- a/2018/10xxx/CVE-2018-10487.json +++ b/2018/10xxx/CVE-2018-10487.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-10487", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files embedded inside PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5419." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-10487", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-397", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-397" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files embedded inside PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5419." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-397", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-397" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10539.json b/2018/10xxx/CVE-2018-10539.json index d9ddbaa2204..b88a900bf9a 100644 --- a/2018/10xxx/CVE-2018-10539.json +++ b/2018/10xxx/CVE-2018-10539.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d" - }, - { - "name" : "https://github.com/dbry/WavPack/issues/33", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/issues/33" - }, - { - "name" : "DSA-4197", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4197" - }, - { - "name" : "USN-3637-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3637-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dbry/WavPack/issues/33", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/issues/33" + }, + { + "name": "DSA-4197", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4197" + }, + { + "name": "USN-3637-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3637-1/" + }, + { + "name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10668.json b/2018/10xxx/CVE-2018-10668.json index 76a1cc91cdc..e4915eb043c 100644 --- a/2018/10xxx/CVE-2018-10668.json +++ b/2018/10xxx/CVE-2018-10668.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10668", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10668", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12027.json b/2018/12xxx/CVE-2018-12027.json index 1b2c4b0d4ca..bbdab448937 100644 --- a/2018/12xxx/CVE-2018-12027.json +++ b/2018/12xxx/CVE-2018-12027.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.phusion.nl/passenger-5-3-2", - "refsource" : "MISC", - "url" : "https://blog.phusion.nl/passenger-5-3-2" - }, - { - "name" : "GLSA-201807-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201807-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.phusion.nl/passenger-5-3-2", + "refsource": "MISC", + "url": "https://blog.phusion.nl/passenger-5-3-2" + }, + { + "name": "GLSA-201807-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201807-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12084.json b/2018/12xxx/CVE-2018-12084.json index fc24f75bb11..27bc448e2d6 100644 --- a/2018/12xxx/CVE-2018-12084.json +++ b/2018/12xxx/CVE-2018-12084.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://peckshield.com/2018/06/11/tradeTrap/", - "refsource" : "MISC", - "url" : "https://peckshield.com/2018/06/11/tradeTrap/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for BitAsean (BAS), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://peckshield.com/2018/06/11/tradeTrap/", + "refsource": "MISC", + "url": "https://peckshield.com/2018/06/11/tradeTrap/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12236.json b/2018/12xxx/CVE-2018-12236.json index f8b07e00591..060f4d0b6c7 100644 --- a/2018/12xxx/CVE-2018-12236.json +++ b/2018/12xxx/CVE-2018-12236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13359.json b/2018/13xxx/CVE-2018-13359.json index 73eec0447ea..fb00b5d2f10 100644 --- a/2018/13xxx/CVE-2018-13359.json +++ b/2018/13xxx/CVE-2018-13359.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the \"modgroup\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the \"modgroup\" parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13469.json b/2018/13xxx/CVE-2018-13469.json index 8e5ebadd04b..a4c1a52833e 100644 --- a/2018/13xxx/CVE-2018-13469.json +++ b/2018/13xxx/CVE-2018-13469.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IcoContract", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IcoContract" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for IcoContract, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IcoContract", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IcoContract" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13627.json b/2018/13xxx/CVE-2018-13627.json index 127b5702e76..d19710dafbf 100644 --- a/2018/13xxx/CVE-2018-13627.json +++ b/2018/13xxx/CVE-2018-13627.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyOffer", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyOffer" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MyOffer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyOffer", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyOffer" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17102.json b/2018/17xxx/CVE-2018-17102.json index 1f596d47b42..a81266b1405 100644 --- a/2018/17xxx/CVE-2018-17102.json +++ b/2018/17xxx/CVE-2018-17102.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/quickapps/cms/issues/187", - "refsource" : "MISC", - "url" : "https://github.com/quickapps/cms/issues/187" - }, - { - "name" : "https://github.com/quickapps/cms/issues/199", - "refsource" : "MISC", - "url" : "https://github.com/quickapps/cms/issues/199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/quickapps/cms/issues/187", + "refsource": "MISC", + "url": "https://github.com/quickapps/cms/issues/187" + }, + { + "name": "https://github.com/quickapps/cms/issues/199", + "refsource": "MISC", + "url": "https://github.com/quickapps/cms/issues/199" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17154.json b/2018/17xxx/CVE-2018-17154.json index 381345f978b..8a866f5aded 100644 --- a/2018/17xxx/CVE-2018-17154.json +++ b/2018/17xxx/CVE-2018-17154.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "DATE_PUBLIC" : "2018-09-27T00:00:00", - "ID" : "CVE-2018-17154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "11.2 before 11.2-RELEASE-p4" - }, - { - "version_value" : "11.1 before 11.1-RELEASE-p15" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "DATE_PUBLIC": "2018-09-27T00:00:00", + "ID": "CVE-2018-17154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "11.2 before 11.2-RELEASE-p4" + }, + { + "version_value": "11.1 before 11.1-RELEASE-p15" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc", - "refsource" : "CONFIRM", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc", + "refsource": "CONFIRM", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:10.syscall.asc" + } + ] + } +} \ No newline at end of file