From f7c4d0e681afc83528f8be5bdfbb1ffb14431a2b Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 07:17:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2003/0xxx/CVE-2003-0438.json | 120 +++++++-------
 2003/0xxx/CVE-2003-0820.json | 200 +++++++++++------------
 2003/0xxx/CVE-2003-0977.json | 260 ++++++++++++++---------------
 2003/1xxx/CVE-2003-1094.json | 150 ++++++++---------
 2003/1xxx/CVE-2003-1245.json | 140 ++++++++--------
 2003/1xxx/CVE-2003-1401.json | 140 ++++++++--------
 2003/1xxx/CVE-2003-1516.json | 130 +++++++--------
 2004/0xxx/CVE-2004-0132.json | 130 +++++++--------
 2004/0xxx/CVE-2004-0235.json | 240 +++++++++++++--------------
 2004/0xxx/CVE-2004-0802.json | 190 ++++++++++-----------
 2004/0xxx/CVE-2004-0810.json | 170 +++++++++----------
 2004/1xxx/CVE-2004-1285.json | 130 +++++++--------
 2004/2xxx/CVE-2004-2199.json | 140 ++++++++--------
 2004/2xxx/CVE-2004-2206.json | 170 +++++++++----------
 2004/2xxx/CVE-2004-2275.json | 170 +++++++++----------
 2004/2xxx/CVE-2004-2397.json | 160 +++++++++---------
 2008/2xxx/CVE-2008-2472.json | 34 ++--
 2008/2xxx/CVE-2008-2650.json | 180 ++++++++++----------
 2008/2xxx/CVE-2008-2787.json | 180 ++++++++++----------
 2008/2xxx/CVE-2008-2839.json | 140 ++++++++--------
 2008/6xxx/CVE-2008-6252.json | 190 ++++++++++-----------
 2008/6xxx/CVE-2008-6766.json | 140 ++++++++--------
 2012/1xxx/CVE-2012-1201.json | 34 ++--
 2012/1xxx/CVE-2012-1234.json | 120 +++++++-------
 2012/1xxx/CVE-2012-1650.json | 180 ++++++++++----------
 2012/5xxx/CVE-2012-5110.json | 140 ++++++++--------
 2012/5xxx/CVE-2012-5367.json | 170 +++++++++----------
 2012/5xxx/CVE-2012-5430.json | 34 ++--
 2012/5xxx/CVE-2012-5511.json | 290 ++++++++++++++++-----------------
 2012/5xxx/CVE-2012-5530.json | 150 ++++++++---------
 2012/5xxx/CVE-2012-5581.json | 200 +++++++++++------------
 2012/5xxx/CVE-2012-5801.json | 120 +++++++-------
 2017/11xxx/CVE-2017-11146.json | 34 ++--
 2017/11xxx/CVE-2017-11526.json | 140 ++++++++--------
 2017/11xxx/CVE-2017-11670.json | 120 +++++++-------
 2017/11xxx/CVE-2017-11712.json | 34 ++--
 2017/11xxx/CVE-2017-11807.json | 142 ++++++++--------
 2017/3xxx/CVE-2017-3533.json | 288 ++++++++++++++++----------------
 2017/3xxx/CVE-2017-3758.json | 122 +++++++-------
 2017/3xxx/CVE-2017-3800.json | 140 ++++++++--------
 2017/3xxx/CVE-2017-3848.json | 140 ++++++++--------
 2017/7xxx/CVE-2017-7345.json | 130 +++++++--------
 2017/7xxx/CVE-2017-7704.json | 180 ++++++++++----------
 2017/7xxx/CVE-2017-7827.json | 152 ++++++++---------
 2017/8xxx/CVE-2017-8016.json | 130 +++++++--------
 2017/8xxx/CVE-2017-8074.json | 130 +++++++--------
 2017/8xxx/CVE-2017-8113.json | 34 ++--
 2017/8xxx/CVE-2017-8456.json | 34 ++--
 2017/8xxx/CVE-2017-8628.json | 142 ++++++++--------
 2017/8xxx/CVE-2017-8861.json | 120 +++++++-------
 2018/10xxx/CVE-2018-10029.json | 120 +++++++-------
 2018/10xxx/CVE-2018-10177.json | 130 +++++++--------
 2018/10xxx/CVE-2018-10409.json | 34 ++--
 2018/10xxx/CVE-2018-10600.json | 122 +++++++-------
 2018/12xxx/CVE-2018-12093.json | 120 +++++++-------
 2018/12xxx/CVE-2018-12804.json | 140 ++++++++--------
 2018/13xxx/CVE-2018-13042.json | 130 +++++++--------
 2018/13xxx/CVE-2018-13091.json | 120 +++++++-------
 2018/13xxx/CVE-2018-13778.json | 130 +++++++--------
 2018/13xxx/CVE-2018-13823.json | 132 +++++++--------
 2018/17xxx/CVE-2018-17158.json | 150 ++++++++---------
 2018/17xxx/CVE-2018-17194.json | 120 +++++++-------
 2018/17xxx/CVE-2018-17490.json | 34 ++--
 2018/17xxx/CVE-2018-17519.json | 34 ++--
 2018/17xxx/CVE-2018-17963.json | 160 +++++++++---------
 65 files changed, 4415 insertions(+), 4415 deletions(-)
diff --git a/2003/0xxx/CVE-2003-0438.json b/2003/0xxx/CVE-2003-0438.json
index d4937a3256a..195a29911ce 100644
--- a/2003/0xxx/CVE-2003-0438.json
+++ b/2003/0xxx/CVE-2003-0438.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-325", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-325", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-325" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/0xxx/CVE-2003-0820.json b/2003/0xxx/CVE-2003-0820.json
index c61f12320e4..dcb6e3788cb 100644
--- a/2003/0xxx/CVE-2003-0820.json
+++ b/2003/0xxx/CVE-2003-0820.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the \"Macro names\" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031015 Few issues previously unpublished in English", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html" - }, - { - "name" : "http://www.security.nnov.ru/search/document.asp?docid=5243", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/search/document.asp?docid=5243" - }, - { - "name" : "MS03-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050" - }, - { - "name" : "word-macro-execute-code(13682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13682" - }, - { - "name" : "8835", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/8835" - }, - { - "name" : "oval:org.mitre.oval:def:336", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336" - }, - { - "name" : "oval:org.mitre.oval:def:585", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585" - }, - { - "name" : "oval:org.mitre.oval:def:586", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586" - }, - { - "name" : "oval:org.mitre.oval:def:668", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the \"Macro names\" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "word-macro-execute-code(13682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13682" + }, + { + "name": "http://www.security.nnov.ru/search/document.asp?docid=5243", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/search/document.asp?docid=5243" + }, + { + "name": "oval:org.mitre.oval:def:336", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336" + }, + { + "name": "oval:org.mitre.oval:def:668", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668" + }, + { + "name": "MS03-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050" + }, + { + "name": "oval:org.mitre.oval:def:586", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586" + }, + { + "name": "20031015 Few issues previously unpublished in English", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html" + }, + { + "name": "8835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8835" + }, + { + "name": "oval:org.mitre.oval:def:585", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0977.json b/2003/0xxx/CVE-2003-0977.json index 2cddad358d2..e0c39a9f143 100644 --- a/2003/0xxx/CVE-2003-0977.json +++ b/2003/0xxx/CVE-2003-0977.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1", - "refsource" : "CONFIRM", - "url" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1" - }, - { - "name" : "MDKSA-2003:112", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112" - }, - { - "name" : "RHSA-2004:003", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-003.html" - }, - { - "name" : "RHSA-2004:004", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-004.html" - }, - { - "name" : "DSA-422", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-422" - }, - { - "name" : 
"CLA-2004:808", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808" - }, - { - "name" : "20040103-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc" - }, - { - "name" : "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107168035515554&w=2" - }, - { - "name" : "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107540163908129&w=2" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "oval:org.mitre.oval:def:11528", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528" - }, - { - "name" : "10601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10601" - }, - { - "name" : "cvs-module-file-manipulation(13929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929" - }, - { - "name" : "oval:org.mitre.oval:def:855", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855" - }, - { - "name" : "oval:org.mitre.oval:def:866", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:855", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855" + }, + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107540163908129&w=2" + }, + { + "name": "MDKSA-2003:112", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112" + }, + { + "name": "oval:org.mitre.oval:def:866", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866" + }, + { + "name": "DSA-422", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-422" + }, + { + "name": "RHSA-2004:003", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-003.html" + }, + { + "name": "10601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10601" + }, + { + "name": "oval:org.mitre.oval:def:11528", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528" + }, + { + "name": "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107168035515554&w=2" + }, + { + "name": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1", + "refsource": "CONFIRM", + "url": "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1" + }, + { + "name": "20040103-01-U", + "refsource": "SGI", + "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc" + }, + { + "name": "CLA-2004:808", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808" + }, + { + "name": "RHSA-2004:004", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-004.html" + }, + { + "name": "cvs-module-file-manipulation(13929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1094.json b/2003/1xxx/CVE-2003-1094.json index ea362ec17b4..008ffb52e65 100644 --- a/2003/1xxx/CVE-2003-1094.json +++ b/2003/1xxx/CVE-2003-1094.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp", - "refsource" : "CONFIRM", - "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp" - }, - { - "name" : "VU#999788", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/999788" - }, - { - "name" : "8320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8320" - }, - { - "name" : "weblogic-gain-privileges(12799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8320" + }, + { + "name": "weblogic-gain-privileges(12799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12799" + }, + { + "name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp", + "refsource": "CONFIRM", + "url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp" + }, + { + "name": "VU#999788", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/999788" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1245.json b/2003/1xxx/CVE-2003-1245.json index 58edd66b63a..b0def35d6d4 100644 --- a/2003/1xxx/CVE-2003-1245.json +++ b/2003/1xxx/CVE-2003-1245.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 Mambo SiteServer exploit gains administrative privileges", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0302.html" - }, - { - "name" : "6926", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6926" - }, - { - "name" : "mambo-sessionid-gain-privileges(11398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mambo-sessionid-gain-privileges(11398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11398" + }, + { + "name": "20030224 Mambo SiteServer exploit gains administrative privileges", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0302.html" + }, + { + "name": "6926", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6926" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1401.json b/2003/1xxx/CVE-2003-1401.json index ef153f1f6f8..4f5ee192880 100644 --- a/2003/1xxx/CVE-2003-1401.json +++ b/2003/1xxx/CVE-2003-1401.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030215 php-Board (php)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0069.html" - }, - { - "name" : "6862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6862" - }, - { - "name" : "phpboard-login-plaintext-passwords(11338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which 
allows remote attackers to obtain sensitive information via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030215 php-Board (php)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0069.html" + }, + { + "name": "6862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6862" + }, + { + "name": "phpboard-login-plaintext-passwords(11338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11338" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1516.json b/2003/1xxx/CVE-2003-1516.json index 9214bea4c83..2f183b61272 100644 --- a/2003/1xxx/CVE-2003-1516.json +++ b/2003/1xxx/CVE-2003-1516.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031020 Cross Site Java applets", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/341815" - }, - { - "name" : "8857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031020 Cross Site Java applets", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/341815" + }, + { + "name": "8857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8857" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0132.json b/2004/0xxx/CVE-2004-0132.json index 02923bb22af..855148ba382 100644 --- a/2004/0xxx/CVE-2004-0132.json +++ b/2004/0xxx/CVE-2004-0132.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040210 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107651585921958&w=2" - }, - { - "name" : "ezcontents-multiple-file-include(15135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote 
attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040210 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107651585921958&w=2" + }, + { + "name": "ezcontents-multiple-file-include(15135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15135" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0235.json b/2004/0xxx/CVE-2004-0235.json index bd57780a011..2ad0744da1b 100644 --- a/2004/0xxx/CVE-2004-0235.json +++ b/2004/0xxx/CVE-2004-0235.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040501 LHa buffer overflows and directory traversal problems", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html" - }, - { - "name" : "20040510 [Ulf Harnhammar]: LHA Advisory + Patch", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108422737918885&w=2" - }, - { - "name" : "CLA-2004:840", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840" - }, - { - "name" : "DSA-515", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-515" - }, - { - "name" : "FLSA:1833", - "refsource" : "FEDORA", - "url" : 
"https://bugzilla.fedora.us/show_bug.cgi?id=1833" - }, - { - "name" : "RHSA-2004:178", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-178.html" - }, - { - "name" : "RHSA-2004:179", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-179.html" - }, - { - "name" : "GLSA-200405-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200405-02.xml" - }, - { - "name" : "FEDORA-2004-119", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html" - }, - { - "name" : "10243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10243" - }, - { - "name" : "oval:org.mitre.oval:def:10409", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409" - }, - { - "name" : "lha-directory-traversal(16013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013" - }, - { - "name" : "oval:org.mitre.oval:def:978", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes (\"//absolute/path\")." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2004:840", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840" + }, + { + "name": "FEDORA-2004-119", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html" + }, + { + "name": "10243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10243" + }, + { + "name": "20040501 LHa buffer overflows and directory traversal problems", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html" + }, + { + "name": "lha-directory-traversal(16013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16013" + }, + { + "name": "RHSA-2004:179", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html" + }, + { + "name": "FLSA:1833", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833" + }, + { + "name": "DSA-515", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-515" + }, + { + "name": "20040510 [Ulf Harnhammar]: LHA Advisory + Patch", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108422737918885&w=2" + }, + { + "name": "GLSA-200405-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200405-02.xml" + }, + { + "name": "RHSA-2004:178", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-178.html" + }, + { + "name": "oval:org.mitre.oval:def:978", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978" + }, + { + "name": "oval:org.mitre.oval:def:10409", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0802.json b/2004/0xxx/CVE-2004-0802.json index 20dd7d2ee14..632e9a8b583 100644 --- a/2004/0xxx/CVE-2004-0802.json +++ b/2004/0xxx/CVE-2004-0802.json 
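Review bot: The `reference_data` array in this hunk comes back in a different order (the FULLDISC and BUGTRAQ entries that led the old list now sit fourth and ninth), on top of every line changing from `"key" : ` to `"key": ` spacing, so a plain diff cannot show whether any `url` value actually changed. The same reshuffle appears in the hunks for CVE-2004-0802, CVE-2004-0810, CVE-2004-1285, CVE-2004-2199, CVE-2004-2206, CVE-2004-2275 and CVE-2004-2397. For a feed that downstream tools consume as authoritative advisory links, the export step (presumably automated, given the commit subject) should emit references in a stable order, for instance sorted by `refsource` then `name`, and land the whitespace change in a commit of its own. Each new file also ends with `\ No newline at end of file`; keeping the final newline would avoid one more spurious changed line per record.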
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:870", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870" - }, - { - "name" : "GLSA-200409-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml" - }, - { - "name" : "MDKSA-2004:089", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:089" - }, - { - "name" : "http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup", - 
"refsource" : "MISC", - "url" : "http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup" - }, - { - "name" : "201611", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1" - }, - { - "name" : "11084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11084" - }, - { - "name" : "imlib2-bmp-bo(17183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup", + "refsource": "MISC", + "url": "http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup" + }, + { + "name": "http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html" + }, + { + "name": "201611", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1" + }, + { + "name": "CLA-2004:870", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870" + }, + { + "name": "imlib2-bmp-bo(17183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17183" + }, + { + "name": "11084", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/11084" + }, + { + "name": "MDKSA-2004:089", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:089" + }, + { + "name": "GLSA-200409-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0810.json b/2004/0xxx/CVE-2004-0810.json index c25718401ac..107ae140c46 100644 --- a/2004/0xxx/CVE-2004-0810.json +++ b/2004/0xxx/CVE-2004-0810.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to cause a denial of service (server process crash) via a certain data string that is sent to multiple simultaneous client connections to TCP port 407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041119 Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue", - "refsource" : "BUGTRAQ", - "url" : "http://msgs.securepoint.com/cgi-bin/get/bugtraq0411/218.html" - }, - { - "name" : "http://www.corsaire.com/advisories/c040720-001.txt", - "refsource" : "MISC", - "url" : "http://www.corsaire.com/advisories/c040720-001.txt" - }, - { - "name" : "http://www.uniras.gov.uk/vuls/2004/190204/index.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2004/190204/index.htm" - }, - { - "name" : "13250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13250/" - }, - { - "name" : "11714", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/11714" - }, - { - "name" : "timbuktu-multiple-connections-dos(18172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to cause a denial of service (server process crash) via a certain data string that is sent to multiple simultaneous client connections to TCP port 407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.uniras.gov.uk/vuls/2004/190204/index.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2004/190204/index.htm" + }, + { + "name": "13250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13250/" + }, + { + "name": "20041119 Corsaire Security Advisory - Netopia Timbuktu remote buffer overflow issue", + "refsource": "BUGTRAQ", + "url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0411/218.html" + }, + { + "name": "11714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11714" + }, + { + "name": "timbuktu-multiple-connections-dos(18172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18172" + }, + { + "name": "http://www.corsaire.com/advisories/c040720-001.txt", + "refsource": "MISC", + "url": "http://www.corsaire.com/advisories/c040720-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1285.json b/2004/1xxx/CVE-2004-1285.json index f1cce27fbb3..bafeed6d136 100644 --- a/2004/1xxx/CVE-2004-1285.json +++ b/2004/1xxx/CVE-2004-1285.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/mplayer.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/mplayer.txt" - }, - { - "name" : "mplayer-getdata-bo(18631)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mplayer-getdata-bo(18631)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18631" + }, + { + "name": "http://tigger.uic.edu/~jlongs2/holes/mplayer.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/mplayer.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2199.json b/2004/2xxx/CVE-2004-2199.json index 8759061ce71..04dcb0739ae 100644 --- a/2004/2xxx/CVE-2004-2199.json +++ b/2004/2xxx/CVE-2004-2199.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11363" - }, - { - "name" : "1011596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Oct/1011596.html" - }, - { - "name" : "duclassified-message-xss(17686)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11363" + }, + { + "name": "duclassified-message-xss(17686)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17686" + }, + { + "name": "1011596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Oct/1011596.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2206.json b/2004/2xxx/CVE-2004-2206.json index 8370703d2e4..e88d53f2d68 100644 --- a/2004/2xxx/CVE-2004-2206.json +++ b/2004/2xxx/CVE-2004-2206.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxpatrol.com/advdetails.asp?id=13", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/advdetails.asp?id=13" - }, - { - "name" : "http://www.maxpatrol.com/mp_advisory.asp", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/mp_advisory.asp" - }, - { - "name" : "11423", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11423" - }, - { - "name" : "10759", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10759" - }, - { - "name" : "1011692", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Oct/1011692.html" - }, - { - "name" : "natterchat-sql-injection(17726)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17726" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maxpatrol.com/mp_advisory.asp", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/mp_advisory.asp" + }, + { + "name": "11423", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11423" + }, + { + "name": "1011692", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Oct/1011692.html" + }, + { + "name": "10759", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10759" + }, + { + "name": "natterchat-sql-injection(17726)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17726" + }, + { + "name": "http://www.maxpatrol.com/advdetails.asp?id=13", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/advdetails.asp?id=13" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2275.json b/2004/2xxx/CVE-2004-2275.json index 3110d70ddfd..7c5c2d2c749 100644 --- a/2004/2xxx/CVE-2004-2275.json +++ b/2004/2xxx/CVE-2004-2275.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/exploits/5UP0715FPC.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5UP0715FPC.html" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=4904", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=4904" - }, - { - "name" : "10626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10626" - }, - { - "name" : "7461", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7461" - }, - { - "name" : "11972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11972" - }, - { - "name" : "imall-commerce-command-execution(16540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16540" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10626" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=4904", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=4904" + }, + { + "name": "11972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11972" + }, + { + "name": "imall-commerce-command-execution(16540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16540" + }, + { + "name": "7461", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7461" + }, + { + "name": "http://www.securiteam.com/exploits/5UP0715FPC.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5UP0715FPC.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2397.json b/2004/2xxx/CVE-2004-2397.json index 058be5a3131..5ddb0d3c6b7 100644 --- a/2004/2xxx/CVE-2004-2397.json +++ b/2004/2xxx/CVE-2004-2397.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html", - "refsource" : "CONFIRM", - "url" : "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html" - }, - { - "name" : "10371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10371" - }, - { - "name" : "6218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6218" - }, - { - "name" : "11627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11627" - }, - { - "name" : "bluecoat-sgos-key-plaintext(16182)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16182" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html", + "refsource": "CONFIRM", + "url": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html" + }, + { + "name": "10371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10371" + }, + { + "name": "11627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11627" + }, + { + "name": "bluecoat-sgos-key-plaintext(16182)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16182" + }, + { + "name": "6218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6218" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2472.json b/2008/2xxx/CVE-2008-2472.json index 528889ac61f..a2c32f1f6e4 100644 --- a/2008/2xxx/CVE-2008-2472.json +++ b/2008/2xxx/CVE-2008-2472.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2472", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2472", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2650.json b/2008/2xxx/CVE-2008-2650.json index 60afa216f3c..ee78b957172 100644 --- a/2008/2xxx/CVE-2008-2650.json +++ b/2008/2xxx/CVE-2008-2650.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5700", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5700" - }, - { - "name" : "http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17", - "refsource" : "CONFIRM", - "url" : "http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17" - }, - { - "name" : "29450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29450" - }, - { - "name" : "45881", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45881" - }, - { - "name" : "30463", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/30463" - }, - { - "name" : "cmsimple-index-file-include(42792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42792" - }, - { - "name" : "cmsimple-index-file-upload(42793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30463" + }, + { + "name": "45881", + "refsource": "OSVDB", + "url": "http://osvdb.org/45881" + }, + { + "name": "cmsimple-index-file-include(42792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42792" + }, + { + "name": "29450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29450" + }, + { + "name": "5700", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5700" + }, + { + "name": "cmsimple-index-file-upload(42793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42793" + }, + { + "name": "http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17", + "refsource": "CONFIRM", + "url": "http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17" + } + ] + } +} \ No newline at 
end of file diff --git a/2008/2xxx/CVE-2008-2787.json b/2008/2xxx/CVE-2008-2787.json index 93460e3ef42..b83ce39b6aa 100644 --- a/2008/2xxx/CVE-2008-2787.json +++ b/2008/2xxx/CVE-2008-2787.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080617 S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493390/100/0/threaded" - }, - { - "name" : "http://www.s21sec.com/avisos/s21sec-044-en.txt", - "refsource" : "MISC", - "url" : "http://www.s21sec.com/avisos/s21sec-044-en.txt" - }, - { - "name" : "29765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29765" - }, - { - "name" : "1020300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020300" - }, - { - "name" : "30750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30750" - }, - { - "name" : "3948", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3948" - }, - { - 
"name" : "opendocman-out-xss(43135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3948", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3948" + }, + { + "name": "opendocman-out-xss(43135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43135" + }, + { + "name": "30750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30750" + }, + { + "name": "29765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29765" + }, + { + "name": "http://www.s21sec.com/avisos/s21sec-044-en.txt", + "refsource": "MISC", + "url": "http://www.s21sec.com/avisos/s21sec-044-en.txt" + }, + { + "name": "1020300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020300" + }, + { + "name": "20080617 S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493390/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2839.json b/2008/2xxx/CVE-2008-2839.json index f0fac27cdfe..d766a9bbc13 100644 --- a/2008/2xxx/CVE-2008-2839.json +++ b/2008/2xxx/CVE-2008-2839.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5848", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5848" - }, - { - "name" : "29790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29790" - }, - { - "name" : "traindepot-index-xss(43160)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29790" + }, + { + "name": "5848", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5848" + }, + { + "name": "traindepot-index-xss(43160)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43160" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6252.json b/2008/6xxx/CVE-2008-6252.json index 4ceb7af6d7e..62ff48ef84f 100644 --- a/2008/6xxx/CVE-2008-6252.json +++ b/2008/6xxx/CVE-2008-6252.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7088", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7088" - }, - { - "name" : "http://blog.xwings.net/?p=127", - "refsource" : "MISC", - "url" : "http://blog.xwings.net/?p=127" - }, - { - "name" : "http://www.macupdate.com/info.php/id/23049", - "refsource" : "CONFIRM", - "url" : "http://www.macupdate.com/info.php/id/23049" - }, - { - "name" : "32252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32252" - }, - { - "name" : "49796", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49796" - }, - { - "name" : "32679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32679" - }, - { - "name" : "ADV-2008-3126", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/3126" - }, - { - "name" : "smcfancontrol-main-bo(46551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32252" + }, + { + "name": "smcfancontrol-main-bo(46551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46551" + }, + { + "name": "7088", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7088" + }, + { + "name": "ADV-2008-3126", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3126" + }, + { + "name": "http://blog.xwings.net/?p=127", + "refsource": "MISC", + "url": "http://blog.xwings.net/?p=127" + }, + { + "name": "49796", + "refsource": "OSVDB", + "url": "http://osvdb.org/49796" + }, + { + "name": "http://www.macupdate.com/info.php/id/23049", + "refsource": "CONFIRM", + "url": "http://www.macupdate.com/info.php/id/23049" + }, + { + "name": "32679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32679" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6766.json b/2008/6xxx/CVE-2008-6766.json index ed8274adcc1..e92bd94040e 100644 --- a/2008/6xxx/CVE-2008-6766.json +++ b/2008/6xxx/CVE-2008-6766.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081229 ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499625/100/0/threaded" - }, - { - "name" : "53285", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/53285" - }, - { - "name" : "1021497", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to cause a denial of service (excessive shopping carts) via a flood of requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081229 ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499625/100/0/threaded" + }, + { + "name": "53285", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/53285" + }, + { + "name": "1021497", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021497" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1201.json b/2012/1xxx/CVE-2012-1201.json index 1f0b6161324..ba939b96c5c 100644 --- a/2012/1xxx/CVE-2012-1201.json +++ b/2012/1xxx/CVE-2012-1201.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1201", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1201", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1234.json b/2012/1xxx/CVE-2012-1234.json index 713b8905675..c44066d6a3c 100644 --- a/2012/1xxx/CVE-2012-1234.json 
+++ b/2012/1xxx/CVE-2012-1234.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1650.json b/2012/1xxx/CVE-2012-1650.json index 2247f4e574f..43e88114436 100644 --- a/2012/1xxx/CVE-2012-1650.json +++ b/2012/1xxx/CVE-2012-1650.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ZipCart module 6.x before 6.x-1.4 for Drupal checks the \"access content\" permission instead of the \"access ZipCart downloads\" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" - }, - { - "name" : "https://drupal.org/node/1461446", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1461446" - }, - { - "name" : "http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2" - }, - { - "name" : "https://drupal.org/node/1460892", - "refsource" : "CONFIRM", - "url" : "https://drupal.org/node/1460892" - }, - { - "name" : 
"52231", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52231" - }, - { - "name" : "79766", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79766" - }, - { - "name" : "zipcart-archives-security-bypass(73609)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ZipCart module 6.x before 6.x-1.4 for Drupal checks the \"access content\" permission instead of the \"access ZipCart downloads\" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2" + }, + { + "name": "https://drupal.org/node/1461446", + "refsource": "MISC", + "url": "https://drupal.org/node/1461446" + }, + { + "name": "https://drupal.org/node/1460892", + "refsource": "CONFIRM", + "url": "https://drupal.org/node/1460892" + }, + { + "name": "79766", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79766" + }, + { + "name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" + }, + { + "name": "zipcart-archives-security-bypass(73609)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73609" + }, + { + "name": "52231", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52231" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/5xxx/CVE-2012-5110.json b/2012/5xxx/CVE-2012-5110.json index 957b0a19d55..234689c83c8 100644 --- a/2012/5xxx/CVE-2012-5110.json +++ b/2012/5xxx/CVE-2012-5110.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compositor in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=151449", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=151449" - }, - { - "name" : "oval:org.mitre.oval:def:14901", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compositor in Google Chrome before 
22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14901", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14901" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=151449", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=151449" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5367.json b/2012/5xxx/CVE-2012-5367.json index 90f3c76a25c..9adafb66849 100644 --- a/2012/5xxx/CVE-2012-5367.json +++ b/2012/5xxx/CVE-2012-5367.json 
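Review bot: The `"ASSIGNER"` value in CVE-2012-5110.json changes from `cve@mitre.org` to `security@google.com`, a real attribution change among lines that otherwise only tighten `" : "` to `": "` and reorder `reference_data`. The CVE-2012-1650.json hunk does the same with `secalert@redhat.com`, and the CVE-2012-5511.json hunk, which continues past the visible text, starts the same way. Anyone who reads this as a formatting sync, or whose tooling keys on the assigner, will likely miss it, so I would land the reassignments in their own commit or name them in the subject. The new side also ends at `}` with `\ No newline at end of file`, where the old file had a terminating newline; keeping the final newline would avoid that extra churn.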
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121105 SQL Injection Vulnerability in OrangeHRM", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0029.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23119", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23119" - }, - { - "name" : "http://packetstormsecurity.org/files/117925/OrangeHRM-2.7.1-rc.1-Cross-Site-Request-Forgery-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/117925/OrangeHRM-2.7.1-rc.1-Cross-Site-Request-Forgery-SQL-Injection.html" - }, - { - "name" 
: "56417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56417" - }, - { - "name" : "86858", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86858" - }, - { - "name" : "orangehrm-index-sql-injection(79833)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/117925/OrangeHRM-2.7.1-rc.1-Cross-Site-Request-Forgery-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/117925/OrangeHRM-2.7.1-rc.1-Cross-Site-Request-Forgery-SQL-Injection.html" + }, + { + "name": "86858", + "refsource": "OSVDB", + "url": "http://osvdb.org/86858" + }, + { + "name": "56417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56417" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23119", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23119" + }, + { + "name": "orangehrm-index-sql-injection(79833)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79833" + }, + { + "name": "20121105 SQL Injection Vulnerability in OrangeHRM", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0029.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/5xxx/CVE-2012-5430.json b/2012/5xxx/CVE-2012-5430.json index 3be03d8cee1..6e8d1d4a74a 100644 --- a/2012/5xxx/CVE-2012-5430.json +++ b/2012/5xxx/CVE-2012-5430.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5430", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5430", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5511.json b/2012/5xxx/CVE-2012-5511.json index fb3687944c4..8d5f639d340 100644 --- a/2012/5xxx/CVE-2012-5511.json +++ b/2012/5xxx/CVE-2012-5511.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121203 Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/03/10" - }, - { - "name" : "http://support.citrix.com/article/CTX135777", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX135777" - }, - { - "name" : "DSA-2636", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2636" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "SUSE-SU-2012:1615", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html" - }, - { - "name" : "openSUSE-SU-2013:0133", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html" - }, - { - "name" : "openSUSE-SU-2012:1685", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html" - }, - { - "name" : "openSUSE-SU-2012:1687", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html" - }, - { - "name" : "openSUSE-SU-2013:0636", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html" - }, - { - "name" : "openSUSE-SU-2013:0637", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html" - }, - { - "name" : "SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "56796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56796" - }, - { - "name" : "88129", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/88129" - }, - { - "name" : "51397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51397" - }, - { - "name" : "51486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51486" - }, - { - "name" : "51487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51487" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - }, - { - "name" : "xen-hvm-dos(80484)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 
through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "openSUSE-SU-2013:0133", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html" + }, + { + "name": "[oss-security] 20121203 Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/03/10" + }, + { + "name": "openSUSE-SU-2013:0637", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html" + }, + { + "name": "56796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56796" + }, + { + "name": "http://support.citrix.com/article/CTX135777", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX135777" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "DSA-2636", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2636" + }, + { + "name": "51397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51397" + }, + { + "name": "openSUSE-SU-2012:1685", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html" + }, + { + "name": "51486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51486" + }, + { + "name": "51487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51487" + }, + { + "name": "88129", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/88129" + }, + { + "name": 
"openSUSE-SU-2013:0636", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + }, + { + "name": "openSUSE-SU-2012:1687", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html" + }, + { + "name": "SUSE-SU-2012:1615", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html" + }, + { + "name": "xen-hvm-dos(80484)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80484" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5530.json b/2012/5xxx/CVE-2012-5530.json index 99e9f72854f..4c5dea5952a 100644 --- a/2012/5xxx/CVE-2012-5530.json +++ b/2012/5xxx/CVE-2012-5530.json 
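Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` near the top of this hunk, and it is the only field value that differs between the two sides; everything else is respacing of `" : "` to `": "` and a reordering of the `reference_data` entries. The same reassignment appears in the CVE-2012-5530 and CVE-2012-5581 hunks, while the other records in view keep their assigner. Because the commit subject says only "-Synchronized-Data.", a consumer that attributes or routes records by assigner has no signal that provenance moved. I would land assigner changes separately from formatting-only syncs, or name them in the message, e.g. `Reassign CVE-2012-5511, CVE-2012-5530, CVE-2012-5581 to secalert@redhat.com`.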
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=782967", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=782967" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=875842", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=875842" - }, - { - "name" : "SUSE-SU-2013:0190", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html" - }, - { - "name" : "56656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56656" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=875842", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842" + }, + { + "name": "SUSE-SU-2013:0190", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=782967", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=782967" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5581.json b/2012/5xxx/CVE-2012-5581.json index 2999de66521..c0e664f754f 100644 --- a/2012/5xxx/CVE-2012-5581.json +++ b/2012/5xxx/CVE-2012-5581.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121128 libtiff: Stack based buffer overflow when handling DOTRANGE tags", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/28/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=867235", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=867235" - }, - { - "name" : "DSA-2589", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2589" - }, - { - "name" : "RHSA-2012:1590", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1590.html" - }, - { - "name" : "openSUSE-SU-2013:0187", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html" - }, - { - "name" : "USN-1655-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1655-1" - }, - { - "name" : "56715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56715" - }, - { - "name" : "51491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51491" - }, - { - "name" : "libtiff-dotrange-bo(80339)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "libtiff-dotrange-bo(80339)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80339" + }, + { + "name": "DSA-2589", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2589" + }, + { + "name": "56715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56715" + }, + { + "name": "openSUSE-SU-2013:0187", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00076.html" + }, + { + "name": "51491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51491" + }, + { + "name": "USN-1655-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1655-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=867235", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=867235" + }, + { + "name": "[oss-security] 20121128 libtiff: Stack 
based buffer overflow when handling DOTRANGE tags", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/28/1" + }, + { + "name": "RHSA-2012:1590", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1590.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5801.json b/2012/5xxx/CVE-2012-5801.json index 6f1f8cef1d8..b8cf3175210 100644 --- a/2012/5xxx/CVE-2012-5801.json +++ b/2012/5xxx/CVE-2012-5801.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the 
PHP fsockopen function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11146.json b/2017/11xxx/CVE-2017-11146.json index 615b0aa289e..bfbdf9d03a7 100644 --- a/2017/11xxx/CVE-2017-11146.json +++ b/2017/11xxx/CVE-2017-11146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11146", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11146", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11526.json b/2017/11xxx/CVE-2017-11526.json index 1fcc9ae930e..62ffaa1a2f5 100644 --- a/2017/11xxx/CVE-2017-11526.json +++ b/2017/11xxx/CVE-2017-11526.json 
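Review bot: The new side of CVE-2017-11146.json is written with a different key order from every other record in view: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER` inside it, where the other files keep sorted keys. Key order carries no meaning in JSON, so no consumer should break, but it suggests this record went through a different writer than the rest of the sync, and mixed orderings make the next synchronisation produce a full-file diff again. I would normalise it with the same sorted-key output, so the object opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`.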
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867825", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867825" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/527", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/527" - }, - { - "name" : "99932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers 
to cause a denial of service (large loop and CPU consumption) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867825", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867825" + }, + { + "name": "99932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99932" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/527", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/527" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11670.json b/2017/11xxx/CVE-2017-11670.json index 15999ba36ca..4aff03231e3 100644 --- a/2017/11xxx/CVE-2017-11670.json +++ b/2017/11xxx/CVE-2017-11670.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/07/31/3", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/07/31/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by generating specially crafted network traffic." 
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://openwall.com/lists/oss-security/2017/07/31/3",
+ "refsource": "MISC",
+ "url": "http://openwall.com/lists/oss-security/2017/07/31/3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11712.json b/2017/11xxx/CVE-2017-11712.json
index cc1d0522a88..6b8c3ad3bdf 100644
--- a/2017/11xxx/CVE-2017-11712.json
+++ b/2017/11xxx/CVE-2017-11712.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11712",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11712",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11807.json b/2017/11xxx/CVE-2017-11807.json
index a31de6210f9..7a1dfc9e83f 100644
--- a/2017/11xxx/CVE-2017-11807.json
+++ b/2017/11xxx/CVE-2017-11807.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore and Microsoft Windows 10 1703" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "ChakraCore and Microsoft Windows 10 1703" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11807", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11807" - }, - { - "name" : "101134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101134" - }, - { - "name" : "1039529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039529" + }, + { + "name": "101134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101134" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11807", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11807" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3533.json b/2017/3xxx/CVE-2017-3533.json index 1d4b22e1515..20f06cb26a8 100644 --- a/2017/3xxx/CVE-2017-3533.json +++ b/2017/3xxx/CVE-2017-3533.json 
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u141" - }, - { - "version_affected" : "=", - "version_value" : "7u131" - }, - { - "version_affected" : "=", - "version_value" : "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u141" + }, + { + "version_affected": "=", + "version_value": "7u131" + }, + { + "version_affected": "=", + "version_value": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3858" - }, - { - "name" : "GLSA-201705-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-03" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "RHSA-2017:1108", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1108" - }, - { - "name" : "RHSA-2017:1109", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1109" - }, - { - 
"name" : "RHSA-2017:1117", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1117" - }, - { - "name" : "RHSA-2017:1118", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1118" - }, - { - "name" : "RHSA-2017:1119", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1119" - }, - { - "name" : "RHSA-2017:1204", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1204" - }, - { - "name" : "RHSA-2017:1220", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1220" - }, - { - "name" : "RHSA-2017:1221", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1221" - }, - { - "name" : "RHSA-2017:1222", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1222" - }, - { - "name" : "97740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97740" - }, - { - "name" : "1038286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1221", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1221" + }, + { + "name": "GLSA-201705-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-03" + }, + { + "name": "RHSA-2017:1220", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1220" + }, + { + "name": "97740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97740" + }, + { + "name": "RHSA-2017:1117", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1117" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2017:1109", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1109" + }, + { + "name": "1038286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038286" + }, + { + "name": "DSA-3858", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3858" + }, + { + "name": "RHSA-2017:1108", + "refsource": "REDHAT", + "url": 
"https://access.redhat.com/errata/RHSA-2017:1108" + }, + { + "name": "RHSA-2017:1204", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1204" + }, + { + "name": "RHSA-2017:1118", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1118" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + }, + { + "name": "RHSA-2017:1222", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1222" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "RHSA-2017:1119", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1119" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3758.json b/2017/3xxx/CVE-2017-3758.json index afbc0add7d4..6b49be1322d 100644 --- a/2017/3xxx/CVE-2017-3758.json +++ b/2017/3xxx/CVE-2017-3758.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2017-10-05T00:00:00", - "ID" : "CVE-2017-3758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Service Framework application", - "version" : { - "version_data" : [ - { - "version_value" : "various versions" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2017-10-05T00:00:00", + "ID": "CVE-2017-3758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Service Framework application", + "version": { + "version_data": [ + { + "version_value": "various versions" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-15374", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-15374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-15374", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-15374" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3800.json b/2017/3xxx/CVE-2017-3800.json index a1db94104ae..6dd565d21c4 100644 --- a/2017/3xxx/CVE-2017-3800.json +++ b/2017/3xxx/CVE-2017-3800.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco AsyncOS", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco AsyncOS" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco AsyncOS", + "version": { + "version_data": [ + { + "version_value": "Cisco AsyncOS" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa" - }, - { - "name" : "95637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95637" - }, - { - "name" : "1037656", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa" + }, + { + "name": "1037656", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037656" + }, + { + "name": "95637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95637" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3848.json b/2017/3xxx/CVE-2017-3848.json index f41945865bb..680b0c961fb 100644 --- a/2017/3xxx/CVE-2017-3848.json +++ b/2017/3xxx/CVE-2017-3848.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Infrastructure", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Infrastructure" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Infrastructure", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Infrastructure" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-cpi", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-cpi" - }, - { - "name" : "96505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96505" - }, - { - "name" : "1037947", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037947" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96505" + }, + { + "name": "1037947", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037947" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-cpi", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-cpi" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7345.json b/2017/7xxx/CVE-2017-7345.json index cbf2a4c26a2..555e46466df 100644 --- a/2017/7xxx/CVE-2017-7345.json +++ b/2017/7xxx/CVE-2017-7345.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/NTAP-20170331-0002", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/NTAP-20170331-0002" - }, - { - "name" : "97537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) 
service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/NTAP-20170331-0002", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/NTAP-20170331-0002" + }, + { + "name": "97537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97537" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7704.json b/2017/7xxx/CVE-2017-7704.json index 4ab9c9101d9..62a1a1386d4 100644 --- a/2017/7xxx/CVE-2017-7704.json +++ b/2017/7xxx/CVE-2017-7704.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8", - "refsource" : "CONFIRM", - "url" : 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-17.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-17.html" - }, - { - "name" : "GLSA-201706-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-12" - }, - { - "name" : "97634", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97634" - }, - { - "name" : "1038262", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-17.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-17.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e" + }, + { + "name": "1038262", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038262" + }, + { + "name": "97634", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97634" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8" + }, + { + "name": "GLSA-201706-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-12" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7827.json b/2017/7xxx/CVE-2017-7827.json index 1a292122441..ef26fae60b7 100644 --- a/2017/7xxx/CVE-2017-7827.json +++ b/2017/7xxx/CVE-2017-7827.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "57" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 57" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "57" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/", - "refsource" : "CONFIRM", - 
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/" - }, - { - "name" : "101832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101832" - }, - { - "name" : "1039803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 57" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-24/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" + }, + { + "name": "101832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101832" + }, + { + "name": "1039803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039803" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8016.json b/2017/8xxx/CVE-2017-8016.json index eb1cb10d40d..231886983fd 100644 --- a/2017/8xxx/CVE-2017-8016.json +++ b/2017/8xxx/CVE-2017-8016.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Archer GRC Platform versions prior to 6.2.0.5", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Archer GRC Platform versions prior to 6.2.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stored Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Archer GRC Platform versions prior to 6.2.0.5", + "version": { + "version_data": [ + { + "version_value": "RSA Archer GRC Platform versions prior to 6.2.0.5" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Oct/12", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Oct/12" - }, - { - "name" : "1039518", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039518", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039518" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Oct/12", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Oct/12" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8074.json b/2017/8xxx/CVE-2017-8074.json index c9c10b1a121..dbf3231ae6c 100644 --- a/2017/8xxx/CVE-2017-8074.json +++ b/2017/8xxx/CVE-2017-8074.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from \"SEND data\" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/", - "refsource" : "MISC", - "url" : "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/" - }, - { - "name" : "97981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from \"SEND data\" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/", + "refsource": "MISC", + "url": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/" + }, + { + "name": "97981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97981" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8113.json b/2017/8xxx/CVE-2017-8113.json index 4f4bffcf1b8..f01c8bd8753 100644 --- a/2017/8xxx/CVE-2017-8113.json +++ b/2017/8xxx/CVE-2017-8113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8456.json b/2017/8xxx/CVE-2017-8456.json index 96a4f3cf879..bbbc7c20ef3 100644 --- a/2017/8xxx/CVE-2017-8456.json +++ b/2017/8xxx/CVE-2017-8456.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8628.json b/2017/8xxx/CVE-2017-8628.json index 24aeb8a0229..61bbcf5c3a7 100644 --- a/2017/8xxx/CVE-2017-8628.json +++ b/2017/8xxx/CVE-2017-8628.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Bluetooth Driver", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka \"Microsoft Bluetooth Driver Spoofing Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Bluetooth Driver", + "version": { + "version_data": [ + { + "version_value": "Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628" - }, - { - "name" : "100744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100744" - }, - { - "name" : "1039339", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039339" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka \"Microsoft Bluetooth Driver Spoofing Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039339", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039339" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628" + }, + { + "name": "100744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100744" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8861.json b/2017/8xxx/CVE-2017-8861.json index c0ee8b6a1bb..82211a64733 100644 --- a/2017/8xxx/CVE-2017-8861.json +++ b/2017/8xxx/CVE-2017-8861.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/", - "refsource" : "MISC", - "url" : "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/", + "refsource": "MISC", + "url": "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10029.json b/2018/10xxx/CVE-2018-10029.json index 68d808765c1..ac8aaded531 100644 --- a/2018/10xxx/CVE-2018-10029.json +++ b/2018/10xxx/CVE-2018-10029.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zxyxx/cmsms_vul", - "refsource" : "MISC", - "url" : "https://github.com/zxyxx/cmsms_vul" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in admin/moduleinterface.php via the m1_name parameter, related to moduledepends, a different vulnerability than CVE-2017-16799." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zxyxx/cmsms_vul", + "refsource": "MISC", + "url": "https://github.com/zxyxx/cmsms_vul" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10177.json b/2018/10xxx/CVE-2018-10177.json index fe8218384e4..73e58a8910a 100644 --- a/2018/10xxx/CVE-2018-10177.json +++ b/2018/10xxx/CVE-2018-10177.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1095", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1095" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1095", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1095" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10409.json b/2018/10xxx/CVE-2018-10409.json index 9d4ca9ac23a..5e589230801 100644 --- a/2018/10xxx/CVE-2018-10409.json +++ b/2018/10xxx/CVE-2018-10409.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10409", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10409", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10600.json b/2018/10xxx/CVE-2018-10600.json index 52fb751a50a..4f66fa127b2 100644 --- a/2018/10xxx/CVE-2018-10600.json +++ b/2018/10xxx/CVE-2018-10600.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-10T00:00:00", - "ID" : "CVE-2018-10600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AcSELerator Architect", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.24.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Schweitzer Engineering Laboratories, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-10T00:00:00", + "ID": "CVE-2018-10600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AcSELerator Architect", + "version": { + "version_data": [ + { + "version_value": "2.2.24.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Schweitzer Engineering Laboratories, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE ('XXE') CWE-611" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-191-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12093.json b/2018/12xxx/CVE-2018-12093.json index b1a5f5b657f..b5ea2cd18b2 100644 --- a/2018/12xxx/CVE-2018-12093.json +++ b/2018/12xxx/CVE-2018-12093.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/syoyo/tinyexr/issues/79", - "refsource" : "MISC", - "url" : "https://github.com/syoyo/tinyexr/issues/79" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/syoyo/tinyexr/issues/79", + "refsource": "MISC", + "url": "https://github.com/syoyo/tinyexr/issues/79" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12804.json b/2018/12xxx/CVE-2018-12804.json index 3940b5e1141..86e40a801c5 100644 
--- a/2018/12xxx/CVE-2018-12804.json +++ b/2018/12xxx/CVE-2018-12804.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Connect 9.7.5 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Connect 9.7.5 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Connect 9.7.5 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Connect 9.7.5 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/connect/apsb18-22.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/connect/apsb18-22.html" - }, - { - "name" : "104697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104697" - }, - { - "name" : "1041264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. 
Successful exploitation could lead to session hijacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104697" + }, + { + "name": "1041264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041264" + }, + { + "name": "https://helpx.adobe.com/security/products/connect/apsb18-22.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/connect/apsb18-22.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13042.json b/2018/13xxx/CVE-2018-13042.json index 991312c5831..ba177a21e09 100644 --- a/2018/13xxx/CVE-2018-13042.json +++ b/2018/13xxx/CVE-2018-13042.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46165", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46165/" - }, - { - "name" : "https://app-updates.agilebits.com/product_history/OPA4", - "refsource" : "CONFIRM", - "url" : "https://app-updates.agilebits.com/product_history/OPA4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. 
By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46165", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46165/" + }, + { + "name": "https://app-updates.agilebits.com/product_history/OPA4", + "refsource": "CONFIRM", + "url": "https://app-updates.agilebits.com/product_history/OPA4" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13091.json b/2018/13xxx/CVE-2018-13091.json index 267b8581ff9..8e24eaf82f0 100644 --- a/2018/13xxx/CVE-2018-13091.json +++ b/2018/13xxx/CVE-2018-13091.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/sumocoin/sumocoin.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/sumocoin/sumocoin.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/sumocoin/sumocoin.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/sumocoin/sumocoin.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13778.json b/2018/13xxx/CVE-2018-13778.json index 7510bed2f13..f8e46a56078 100644 --- a/2018/13xxx/CVE-2018-13778.json +++ b/2018/13xxx/CVE-2018-13778.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CGCToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CGCToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CGCToken, an Ethereum token, has an 
integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CGCToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CGCToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13823.json b/2018/13xxx/CVE-2018-13823.json index 210a717618b..5e3b17350fc 100644 --- a/2018/13xxx/CVE-2018-13823.json +++ b/2018/13xxx/CVE-2018-13823.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@ca.com", - "DATE_PUBLIC" : "2018-08-29T00:00:00", - "ID" : "CVE-2018-13823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PPM", - "version" : { - "version_data" : [ - { - "version_value" : "15.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "CA Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@ca.com", + "DATE_PUBLIC": "2018-08-29T00:00:00", + "ID": "CVE-2018-13823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PPM", + "version": { + "version_data": [ + { + "version_value": "15.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "CA Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html" - }, - { - "name" : "105297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An 
XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XML External Entity (XXE)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105297" + }, + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01--security-notice-for-ca-ppm.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17158.json b/2018/17xxx/CVE-2018-17158.json index f5a38cc7bca..539aad03fa5 100644 --- a/2018/17xxx/CVE-2018-17158.json +++ b/2018/17xxx/CVE-2018-17158.json 
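Review bot: The `version_value` carried over on the new side, `"15.3 and earlier"`, is coarser than the description in the same record, which lists 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below. A consumer that matches on the `affects` block alone cannot tell from this field that 15.3 builds above CP2 fall outside the stated range, so it would presumably over-report them. This commit only reformats the record, so the correction belongs with the assigner's data rather than this sync. I would carry the description's ranges into `version_data` as separate entries, for example a `version_value` of `"15.3 CP2 and below"` next to entries for the older branches.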
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "ID" : "CVE-2018-17158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "FreeBSD 11.2 before 11.2-RELEASE-p5" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Kernel integer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2018-17158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "FreeBSD 11.2 before 11.2-RELEASE-p5" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/" - }, - { - "name" : "FreeBSD-SA-18:13", - "refsource" : "FREEBSD", - "url" : "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc" - }, - { - "name" : "106192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106192" - }, - { - "name" : "1042164", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1042164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Unprivileged remote users with access to the NFS server can crash the system by sending a specially crafted NFSv4 request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Kernel integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106192" + }, + { + "name": "FreeBSD-SA-18:13", + "refsource": "FREEBSD", + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc" + }, + { + "name": "1042164", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042164" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17194.json b/2018/17xxx/CVE-2018-17194.json index 725d4c8e720..498332f6814 100644 --- a/2018/17xxx/CVE-2018-17194.json +++ b/2018/17xxx/CVE-2018-17194.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2018-17194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache NiFi", - "version" : { - "version_data" : [ - { - "version_value" : "Apache NiFi 1.0.0 - 1.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually timeout. Mitigation: The fix to check DELETE requests and overwrite non-zero Content-Length header values was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2018-17194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 1.0.0 - 1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nifi.apache.org/security.html#CVE-2018-17194", - "refsource" : "CONFIRM", - "url" : "https://nifi.apache.org/security.html#CVE-2018-17194" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and eventually timeout. Mitigation: The fix to check DELETE requests and overwrite non-zero Content-Length header values was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nifi.apache.org/security.html#CVE-2018-17194", + "refsource": "CONFIRM", + "url": "https://nifi.apache.org/security.html#CVE-2018-17194" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17490.json b/2018/17xxx/CVE-2018-17490.json index 42fed2e7e20..61188c79452 100644 
--- a/2018/17xxx/CVE-2018-17490.json +++ b/2018/17xxx/CVE-2018-17490.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17490", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17490", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17519.json b/2018/17xxx/CVE-2018-17519.json index 5b73b33723a..4b510055906 100644 --- a/2018/17xxx/CVE-2018-17519.json +++ b/2018/17xxx/CVE-2018-17519.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17519", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17519", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17963.json b/2018/17xxx/CVE-2018-17963.json index 12326caa634..25598909840 100644 --- a/2018/17xxx/CVE-2018-17963.json +++ b/2018/17xxx/CVE-2018-17963.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20181008 Qemu: integer overflow issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/10/08/1" - }, - { - "name" : "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html" - }, - { - "name" : "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" - }, - { - "name" : "DSA-4338", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4338" - }, - { - "name" : "USN-3826-1", - "refsource" : "UBUNTU", - "url" 
: "https://usn.ubuntu.com/3826-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20181008 Qemu: integer overflow issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/10/08/1" + }, + { + "name": "DSA-4338", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4338" + }, + { + "name": "[qemu-devel] 20180926 [PULL 24/25] net: ignore packet size greater than INT_MAX", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-09/msg03267.html" + }, + { + "name": "USN-3826-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3826-1/" + }, + { + "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1599-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html" + } + ] + } +} \ No newline at end of file