diff --git a/2002/1xxx/CVE-2002-1072.json b/2002/1xxx/CVE-2002-1072.json index 0661579dd29..ec94361b807 100644 --- a/2002/1xxx/CVE-2002-1072.json +++ b/2002/1xxx/CVE-2002-1072.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented \"jolt\" style ICMP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020724 [VulnWatch] Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html" - }, - { - "name" : "20020724 Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/283999" - }, - { - "name" : "5292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5292" - }, - { - "name" : "zyxel-jolt-dos(9655)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9655.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented \"jolt\" style ICMP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zyxel-jolt-dos(9655)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9655.php" + }, + { + "name": "20020724 [VulnWatch] Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html" + }, + { + "name": "20020724 Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/283999" + }, + { + "name": "5292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5292" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0223.json b/2003/0xxx/CVE-2003-0223.json index 07b4eea08de..2ad009b4a60 100644 --- a/2003/0xxx/CVE-2003-0223.json +++ b/2003/0xxx/CVE-2003-0223.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018" - }, - { - "name" : "oval:org.mitre.oval:def:66", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a 
redirection message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS03-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018" + }, + { + "name": "oval:org.mitre.oval:def:66", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0255.json b/2003/0xxx/CVE-2003-0255.json index 29d88058748..351d2263e1b 100644 --- a/2003/0xxx/CVE-2003-0255.json +++ b/2003/0xxx/CVE-2003-0255.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030504 Key validity bug in GnuPG 1.2.1 and earlier", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105215110111174&w=2" - }, - { - "name" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html", - "refsource" : "MISC", - "url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html" - }, - { - "name" : "CLA-2003:694", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694" - }, - { - "name" : "ESA-20030515-016", - "refsource" : "ENGARDE", - "url" : "http://marc.info/?l=bugtraq&m=105301357425157&w=2" - }, - { - "name" : "20030515-016", - 
"refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html" - }, - { - "name" : "RHSA-2003:175", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-175.html" - }, - { - "name" : "RHSA-2003:176", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-176.html" - }, - { - "name" : "MDKSA-2003:061", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061" - }, - { - "name" : "TLSA200334", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/TLSA-2003-34.txt" - }, - { - "name" : "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105311804129104&w=2" - }, - { - "name" : "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105362224514081&w=2" - }, - { - "name" : "VU#397604", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/397604" - }, - { - "name" : "7497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7497" - }, - { - "name" : "4947", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4947" - }, - { - "name" : "oval:org.mitre.oval:def:135", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135" - }, - { - "name" : "gnupg-invalid-key-acceptance(11930)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG 
from warning the encrypting user when a user ID does not have a trusted path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TLSA200334", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/TLSA-2003-34.txt" + }, + { + "name": "RHSA-2003:175", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-175.html" + }, + { + "name": "4947", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4947" + }, + { + "name": "oval:org.mitre.oval:def:135", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135" + }, + { + "name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105362224514081&w=2" + }, + { + "name": "7497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7497" + }, + { + "name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105311804129104&w=2" + }, + { + "name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html", + "refsource": "MISC", + "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html" + }, + { + "name": "MDKSA-2003:061", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061" + }, + { + "name": "gnupg-invalid-key-acceptance(11930)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930" + }, + { + "name": "CLA-2003:694", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694" + }, + { + "name": "RHSA-2003:176", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-176.html" + }, + { + "name": "20030515-016", + 
"refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html" + }, + { + "name": "ESA-20030515-016", + "refsource": "ENGARDE", + "url": "http://marc.info/?l=bugtraq&m=105301357425157&w=2" + }, + { + "name": "VU#397604", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/397604" + }, + { + "name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105215110111174&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0284.json b/2003/0xxx/CVE-2003-0284.json index 353a0eb5560..9e32ce2c696 100644 --- a/2003/0xxx/CVE-2003-0284.json +++ b/2003/0xxx/CVE-2003-0284.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121" - }, - { - "name" : "VU#184820", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/184820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121" + }, + { + "name": "VU#184820", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/184820" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0547.json b/2003/0xxx/CVE-2003-0547.json index e49520b0365..540281fd8f9 100644 --- a/2003/0xxx/CVE-2003-0547.json +++ b/2003/0xxx/CVE-2003-0547.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", - "refsource" : "CONFIRM", - "url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" - }, - { - "name" : "RHSA-2003:258", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html" - }, - { - "name" : "CLA-2003:729", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729" - }, - { - "name" : "20030824 [slackware-security] GDM security update (SSA:2003-236-01)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106194792924122&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:112", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2003:729", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729" + }, + { + "name": "RHSA-2003:258", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" + }, + { + "name": "oval:org.mitre.oval:def:112", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112" + }, + { + "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", + "refsource": "CONFIRM", + "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" + }, + { + "name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106194792924122&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0854.json b/2003/0xxx/CVE-2003-0854.json index a81e08cfff7..467f8564e4d 100644 --- a/2003/0xxx/CVE-2003-0854.json +++ b/2003/0xxx/CVE-2003-0854.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031022 Fun with /bin/ls, yet still ls better than windows", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html" - }, - { - "name" : "115", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/115" - }, - { - "name" : "http://www.guninski.com/binls.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/binls.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf" - }, - { - "name" : "CLA-2003:768", - "refsource" : "CONECTIVA", - "url" : 
"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768" - }, - { - "name" : "CLA-2003:771", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771" - }, - { - "name" : "DSA-705", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-705" - }, - { - "name" : "IMNX-2003-7+-026-01", - "refsource" : "IMMUNIX", - "url" : "http://www.securityfocus.com/advisories/6014" - }, - { - "name" : "MDKSA-2003:106", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106" - }, - { - "name" : "RHSA-2003:309", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-309.html" - }, - { - "name" : "RHSA-2003:310", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-310.html" - }, - { - "name" : "TLSA-2003-60", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/TLSA-2003-60.txt" - }, - { - "name" : "10126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10126" - }, - { - "name" : "17069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-705", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-705" + }, + { + "name": "CLA-2003:771", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf" + }, + { + "name": "115", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/115" + }, + { + "name": "CLA-2003:768", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768" + }, + { + "name": "20031022 Fun with /bin/ls, yet still ls better than windows", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html" + }, + { + "name": "RHSA-2003:309", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-309.html" + }, + { + "name": "TLSA-2003-60", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/TLSA-2003-60.txt" + }, + { + "name": "RHSA-2003:310", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-310.html" + }, + { + "name": "IMNX-2003-7+-026-01", + "refsource": "IMMUNIX", + "url": "http://www.securityfocus.com/advisories/6014" + }, + { + "name": "17069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17069" + }, + { + "name": "http://www.guninski.com/binls.html", + "refsource": "MISC", + "url": "http://www.guninski.com/binls.html" + }, + { + "name": "10126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10126" + }, + { + "name": "MDKSA-2003:106", + "refsource": "MANDRAKE", + "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2003:106" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1130.json b/2003/1xxx/CVE-2003-1130.json index 160c5b58c4b..55905200a6c 100644 --- a/2003/1xxx/CVE-2003-1130.json +++ b/2003/1xxx/CVE-2003-1130.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1130", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-1130", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1222.json b/2003/1xxx/CVE-2003-1222.json index 0d1d40fc273..9dd820a8239 100644 --- a/2003/1xxx/CVE-2003-1222.json +++ b/2003/1xxx/CVE-2003-1222.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA03-41.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/63" - }, - { - "name" : "9034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9034" + }, + { + "name": "BEA03-41.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/63" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1419.json b/2003/1xxx/CVE-2003-1419.json index 288ef3ba5a1..3b6da5ff867 100644 --- a/2003/1xxx/CVE-2003-1419.json +++ b/2003/1xxx/CVE-2003-1419.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html" - }, - { - "name" : "6959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6959" - }, - { - "name" : "netscape-javascript-reformatdate-dos(11444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript 
reformatDate function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html" + }, + { + "name": "6959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6959" + }, + { + "name": "netscape-javascript-reformatdate-dos(11444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0184.json b/2004/0xxx/CVE-2004-0184.json index 4e3b5e485c1..ce6344c401f 100644 --- a/2004/0xxx/CVE-2004-0184.json +++ b/2004/0xxx/CVE-2004-0184.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108067265931525&w=2" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0017.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0017.html" - }, - { - "name" : "http://www.tcpdump.org/tcpdump-changes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tcpdump.org/tcpdump-changes.txt" - }, - { - "name" : "DSA-478", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2004/dsa-478" - }, - { - "name" : "FEDORA-2004-1468", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1468" - }, - { - "name" : "RHSA-2004:219", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-219.html" - }, - { - "name" : "2004-0015", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0015" - }, - { - "name" : "VU#492558", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/492558" - }, - { - "name" : "10004", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10004" - }, - { - "name" : "oval:org.mitre.oval:def:976", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A976" - }, - { - "name" : "oval:org.mitre.oval:def:9581", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9581" - }, - { - "name" : "1009593", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009593" - }, - { - "name" : "11258", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11258" - }, - { - "name" : "tcpdump-isakmp-integer-underflow(15679)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15679" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#492558", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/492558" + }, + { + "name": "RHSA-2004:219", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-219.html" + }, + { + "name": "1009593", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009593" + }, + { + "name": "DSA-478", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-478" + }, + { + "name": "11258", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11258" + }, + { + "name": "2004-0015", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0015" + }, + { + "name": "oval:org.mitre.oval:def:9581", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9581" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0017.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0017.html" + }, + { + "name": "FEDORA-2004-1468", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1468" + }, + { + "name": "10004", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10004" + }, + { + "name": "http://www.tcpdump.org/tcpdump-changes.txt", + "refsource": "CONFIRM", + "url": "http://www.tcpdump.org/tcpdump-changes.txt" + }, + { + "name": "oval:org.mitre.oval:def:976", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A976" + }, + { + "name": "20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108067265931525&w=2" + }, + { + "name": "tcpdump-isakmp-integer-underflow(15679)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15679" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0207.json b/2004/0xxx/CVE-2004-0207.json index 8a6c095879a..515380056ef 100644 --- a/2004/0xxx/CVE-2004-0207.json +++ b/2004/0xxx/CVE-2004-0207.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "\"Shatter\" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041013 SetWindowLong Shatter Attacks", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109777417922695&w=2" - }, - { - "name" : "MS04-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-032" - }, - { - "name" : "win-mngmt-api-gain-privileges(16579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16579" - }, - { - "name" : "win-ms04032-patch(17658)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17658" - }, - { - "name" : "VU#218526", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/218526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "\"Shatter\" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win-mngmt-api-gain-privileges(16579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16579" + }, + { + "name": "20041013 SetWindowLong Shatter Attacks", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109777417922695&w=2" + }, + { + "name": "VU#218526", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/218526" + }, + { + "name": "win-ms04032-patch(17658)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17658" + }, + { + "name": "MS04-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-032" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0942.json b/2004/0xxx/CVE-2004-0942.json index 52173426628..e748933385d 100644 --- a/2004/0xxx/CVE-2004-0942.json +++ b/2004/0xxx/CVE-2004-0942.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041101 DoS in Apache 2.0.52 ?", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "SSRT4876", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=110384374213596&w=2" - }, - { - "name" : "HPSBUX01123", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123" - }, - { - "name" : "MDKSA-2004:135", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:135" - }, - { - "name" : "RHSA-2004:562", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-562.html" - }, - { - "name" : "102198", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" - }, - { - "name" : "2004-0061", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0061/" - }, - { - "name" : "oval:org.mitre.oval:def:10962", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10962" - }, - { - "name" : "ADV-2006-0789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0789" - }, - { - "name" : "19072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19072" - }, - { - "name" : "apache-http-get-dos(17930)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:562", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-562.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" + }, + { + "name": "20041101 DoS in Apache 2.0.52 ?", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html" + }, + { + "name": "MDKSA-2004:135", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:135" + }, + { + "name": "apache-http-get-dos(17930)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17930" + }, + { + "name": "19072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19072" + }, + { + "name": "HPSBUX01123", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "2004-0061", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0061/" + }, + { + "name": "SSRT4876", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=110384374213596&w=2" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:10962", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10962" + }, + { + "name": "102198", + "refsource": "SUNALERT", + "url": 
"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" + }, + { + "name": "ADV-2006-0789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0789" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2532.json b/2004/2xxx/CVE-2004-2532.json index 4412e1469a8..abae656b501 100644 --- a/2004/2xxx/CVE-2004-2532.json +++ b/2004/2xxx/CVE-2004-2532.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html" - }, - { - "name" : "10886", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10886" - }, - { - "name" : "8877", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8877" - }, - { - "name" : "servu-default-admin-account(16925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10886", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10886" + }, + { + "name": "servu-default-admin-account(16925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925" + }, + { + "name": "8877", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8877" + }, + { + "name": "20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2675.json b/2004/2xxx/CVE-2004-2675.json index cf4cf705af3..493d119540d 100644 --- a/2004/2xxx/CVE-2004-2675.json +++ b/2004/2xxx/CVE-2004-2675.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html" - }, - { - "name" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx" - }, - { - "name" : "9770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9770" - }, - { - "name" : "11332", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11332" - }, - { - "name" : "11002", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11002" - }, - { - "name" : "argosoftftp-site-pass-dos(15412)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9770" + }, + { + "name": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx", + "refsource": "CONFIRM", + "url": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx" + }, + { + "name": "11002", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11002" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html" + }, + { + "name": "11332", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11332" + }, + { + "name": "argosoftftp-site-pass-dos(15412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15412" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2065.json b/2008/2xxx/CVE-2008-2065.json index a76fc01a59b..de79793b1fd 100644 --- a/2008/2xxx/CVE-2008-2065.json +++ b/2008/2xxx/CVE-2008-2065.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5508", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5508" - }, - { - "name" : "28963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28963" - }, - { - "name" : "29981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29981" - }, - { - "name" : "jokessitescript-jokes-sql-injection(42047)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands 
via the catagorie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28963" + }, + { + "name": "29981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29981" + }, + { + "name": "jokessitescript-jokes-sql-injection(42047)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42047" + }, + { + "name": "5508", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5508" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2382.json b/2008/2xxx/CVE-2008-2382.json index e61d7cd1c9a..17a8e3359e6 100644 --- a/2008/2xxx/CVE-2008-2382.json +++ b/2008/2xxx/CVE-2008-2382.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499502/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/vnc-remote-dos", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/vnc-remote-dos" - }, - { - "name" : "FEDORA-2008-11705", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html" - }, - { - "name" : "SUSE-SR:2009:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" - }, - { - "name" : "SUSE-SR:2009:008", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" - }, - { - "name" : "USN-776-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-776-1" - }, - { - "name" : "32910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32910" - }, - { - "name" : "34642", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34642" - }, - { - "name" : "35062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35062" - }, - { - "name" : "ADV-2008-3488", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3488" - }, - { - "name" : "ADV-2008-3489", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3489" - }, - { - "name" : "1021488", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021488" - }, - { - "name" : "1021489", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021489" - }, - { - "name" : "33293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33293" - }, - { - "name" : "33303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33303" - }, - { - "name" : "33350", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33350" - }, - { - "name" : "33568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33568" - }, - { - "name" : "4803", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4803" - }, - { - "name" : "qemu-kvm-protocolclientmsg-dos(47561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite 
loop) via a certain message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35062" + }, + { + "name": "1021489", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021489" + }, + { + "name": "4803", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4803" + }, + { + "name": "ADV-2008-3488", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3488" + }, + { + "name": "FEDORA-2008-11705", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html" + }, + { + "name": "33303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33303" + }, + { + "name": "34642", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34642" + }, + { + "name": "33293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33293" + }, + { + "name": "USN-776-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-776-1" + }, + { + "name": "33350", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33350" + }, + { + "name": "http://www.coresecurity.com/content/vnc-remote-dos", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/vnc-remote-dos" + }, + { + "name": "SUSE-SR:2009:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" + }, + { + "name": "33568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33568" + }, + { + "name": "SUSE-SR:2009:008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" + }, + { + "name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/499502/100/0/threaded" + }, + { + "name": "1021488", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021488" + }, + { + "name": "32910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32910" + }, + { + "name": "ADV-2008-3489", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3489" + }, + { + "name": "qemu-kvm-protocolclientmsg-dos(47561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0401.json b/2012/0xxx/CVE-2012-0401.json index 658b6bc931e..04ee69bfea1 100644 --- a/2012/0xxx/CVE-2012-0401.json +++ b/2012/0xxx/CVE-2012-0401.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-0401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html" - }, - { - "name" : "52557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52557" - }, - { - "name" : "1026819", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026819" - }, - { - "name" : "48484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48484" - }, - { - "name" : "envision-unspec-sql-injection(74137)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52557" + }, + { + "name": "48484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48484" + }, + { + "name": "envision-unspec-sql-injection(74137)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74137" + }, + { + "name": "1026819", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026819" + }, + { + "name": "20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0524.json b/2012/0xxx/CVE-2012-0524.json index 07bf02638ff..8cdf7cc8bc2 100644 --- a/2012/0xxx/CVE-2012-0524.json +++ b/2012/0xxx/CVE-2012-0524.json 
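Review bot: The `reference_data` array on the new side of the CVE-2012-0401 hunk holds the same five entries as before in a different order (the BUGTRAQ entry moves from first to last), so the hunk buries its one substantive change, `ASSIGNER` going from `cve@mitre.org` to `security_alert@emc.com`, under a whitespace rewrite and a non-semantic shuffle. Anyone auditing attribution changes in these records, or diffing or hashing them downstream, has to read the full 82-line rewrite to find that one field. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep such diffs minimal. The new file also ends with `\ No newline at end of file` where the old side had a trailing newline; presumably the tool that rewrote the files dropped it, and it is worth restoring. The same pattern repeats in the hunks for CVE-2012-0524, CVE-2012-1310, CVE-2012-1338, CVE-2012-1665, CVE-2012-1758, CVE-2012-5138, CVE-2012-5230 and CVE-2012-5333; in the 1665, 5230 and 5333 hunks `ASSIGNER` is unchanged, so the whole diff there is formatting and order.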
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53127" - }, - { - "name" : "1026954", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026954" - }, - { - "name" : "48882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48882" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48882" + }, + { + "name": "53127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53127" + }, + { + "name": "1026954", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026954" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1310.json b/2012/1xxx/CVE-2012-1310.json index d470f885d72..d46f0ca48aa 100644 --- a/2012/1xxx/CVE-2012-1310.json +++ b/2012/1xxx/CVE-2012-1310.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw" - }, - { - "name" : "52753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52753" - }, - { - "name" : "80696", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80696" - }, - { - "name" : "1026861", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026861" - }, - { - "name" : "48608", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52753" + }, + { + "name": "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw" + }, + { + "name": "80696", + "refsource": "OSVDB", + "url": "http://osvdb.org/80696" + }, + { + "name": "48608", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48608" + }, + { + "name": "1026861", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026861" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1338.json b/2012/1xxx/CVE-2012-1338.json index 649e4ac02ae..74ca759cb30 100644 --- a/2012/1xxx/CVE-2012-1338.json +++ b/2012/1xxx/CVE-2012-1338.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html" - }, - { - "name" : "1027349", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) 
by completing local web authentication quickly, aka Bug ID CSCts88664." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027349", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027349" + }, + { + "name": "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1665.json b/2012/1xxx/CVE-2012-1665.json index 8e5078c258e..d9fde6bc716 100644 --- a/2012/1xxx/CVE-2012-1665.json +++ b/2012/1xxx/CVE-2012-1665.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120404 Multiple vulnerabilities in osCmax", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23081", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23081" - }, - { - "name" : "http://bugtrack.oscmax.com/view.php?id=1165", - "refsource" : "CONFIRM", - "url" : "http://bugtrack.oscmax.com/view.php?id=1165" - }, - { - "name" : 
"http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update", - "refsource" : "CONFIRM", - "url" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update" - }, - { - "name" : "80900", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80900" - }, - { - "name" : "80901", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80901" - }, - { - "name" : "80902", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23081", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23081" + }, + { + "name": "80901", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80901" + }, + { + "name": "20120404 Multiple vulnerabilities in osCmax", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html" + }, + { + "name": "http://bugtrack.oscmax.com/view.php?id=1165", + "refsource": "CONFIRM", + "url": "http://bugtrack.oscmax.com/view.php?id=1165" + }, + { + "name": "80902", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80902" + }, + { + "name": "80900", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80900" + }, + { + "name": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update", + "refsource": "CONFIRM", + "url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1758.json b/2012/1xxx/CVE-2012-1758.json index 2907fb67ce9..afa5b872274 100644 --- a/2012/1xxx/CVE-2012-1758.json +++ b/2012/1xxx/CVE-2012-1758.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54571" - }, - { - "name" : "83961", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83961" - }, - { - "name" : "1027268", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027268" - }, - { - "name" : 
"supplychain-autovue-dos(77020)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027268", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027268" + }, + { + "name": "supplychain-autovue-dos(77020)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77020" + }, + { + "name": "83961", + "refsource": "OSVDB", + "url": "http://osvdb.org/83961" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "54571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54571" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5138.json b/2012/5xxx/CVE-2012-5138.json index bc9cbac9d6c..7279631fb5e 100644 --- a/2012/5xxx/CVE-2012-5138.json +++ b/2012/5xxx/CVE-2012-5138.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=161564", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=161564" - }, - { - "name" : "openSUSE-SU-2012:1637", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" - }, - { - "name" : "56741", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56741" - }, - { - "name" : "oval:org.mitre.oval:def:15638", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15638" - }, - { - "name" : "51447", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html" + }, + { + "name": "openSUSE-SU-2012:1637", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html" + }, + { + "name": "56741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56741" + }, + { + "name": "oval:org.mitre.oval:def:15638", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15638" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=161564", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=161564" + }, + { + "name": "51447", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51447" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5230.json b/2012/5xxx/CVE-2012-5230.json index 0edce136f71..dda8c7e451e 100644 --- a/2012/5xxx/CVE-2012-5230.json +++ b/2012/5xxx/CVE-2012-5230.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://joomlaextensions.co.in/product/JE-Story-Submit", - "refsource" : "CONFIRM", - "url" : "http://joomlaextensions.co.in/product/JE-Story-Submit" - }, - { - "name" : "51679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51679" - }, - { - "name" : "78527", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78527" - }, - { - "name" : "47728", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47728" - }, - { - "name" : "jestorysubmit-joomla-unspecified(72750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47728", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47728" + }, + { + "name": "http://joomlaextensions.co.in/product/JE-Story-Submit", + "refsource": "CONFIRM", + "url": "http://joomlaextensions.co.in/product/JE-Story-Submit" + }, + { + "name": "51679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51679" + }, + { + "name": "jestorysubmit-joomla-unspecified(72750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72750" + }, + { + "name": "78527", + "refsource": "OSVDB", + "url": "http://osvdb.org/78527" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5333.json b/2012/5xxx/CVE-2012-5333.json index 073363ca25b..70c16f4e43b 100644 --- a/2012/5xxx/CVE-2012-5333.json +++ b/2012/5xxx/CVE-2012-5333.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18614", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18614" - }, - { - "name" : "52539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52539" - }, - { - "name" : "80190", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80190" - }, - { - "name" : "48443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48443" - }, - { - "name" : "preprinting-multiple-sql-injection(74122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122" - }, - { - "name" : "preprintingpress-multiple-sql-injection(74125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "preprintingpress-multiple-sql-injection(74125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125" + }, + { + "name": "18614", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18614" + }, + { + "name": "48443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48443" + }, + { + "name": "80190", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80190" + }, + { + "name": "52539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52539" + }, + { + "name": "preprinting-multiple-sql-injection(74122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5506.json b/2012/5xxx/CVE-2012-5506.json index b4c338beee3..3c9790ce1ce 100644 --- a/2012/5xxx/CVE-2012-5506.json +++ b/2012/5xxx/CVE-2012-5506.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/22", - "refsource" : "CONFIRM", - "url" : 
"https://plone.org/products/plone/security/advisories/20121106/22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/22", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/22" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11698.json b/2017/11xxx/CVE-2017-11698.json index dfea82be413..740c32bb8d1 100644 --- a/2017/11xxx/CVE-2017-11698.json +++ b/2017/11xxx/CVE-2017-11698.json 
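Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while everything else in it is colon spacing, indentation and reference order. The assigner is provenance data that downstream consumers may use to attribute or filter records, so a change to it is easy to miss inside a bulk reformat. It would be better carried in its own commit, or at least called out in the commit message, so the reassignment can be audited separately from the formatting.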
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Aug/17" - }, - { - "name" : "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html" - }, - { - "name" : "http://www.geeknik.net/9brdqk6xu", - "refsource" : "MISC", - "url" : "http://www.geeknik.net/9brdqk6xu" - }, - { - "name" : "100345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100345" - }, - { - "name" : "1039153", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039153", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039153" + }, + { + "name": "100345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100345" + }, + { + "name": "http://www.geeknik.net/9brdqk6xu", + "refsource": "MISC", + "url": "http://www.geeknik.net/9brdqk6xu" + }, + { + "name": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html" + }, + { + "name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Aug/17" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7113.json b/2017/7xxx/CVE-2017-7113.json index d24f3042072..14666a57c68 100644 --- a/2017/7xxx/CVE-2017-7113.json +++ b/2017/7xxx/CVE-2017-7113.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"UIKit\" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208222", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208222" - }, - { - "name" : "1039703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"UIKit\" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208222", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208222" + }, + { + "name": "1039703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039703" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7184.json b/2017/7xxx/CVE-2017-7184.json index 113dfb932d0..039727984b1 100644 --- a/2017/7xxx/CVE-2017-7184.json +++ b/2017/7xxx/CVE-2017-7184.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition", - "refsource" : "MISC", - "url" : "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition" - }, - { - "name" : "https://blog.trendmicro.com/results-pwn2own-2017-day-one/", - "refsource" : "MISC", - "url" : "https://blog.trendmicro.com/results-pwn2own-2017-day-one/" - }, - { - "name" : "https://twitter.com/thezdi/status/842126074435665920", - "refsource" : 
"MISC", - "url" : "https://twitter.com/thezdi/status/842126074435665920" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/03/29/2", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/03/29/2" - }, - { - "name" : "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a" - }, - { - "name" : "https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "RHSA-2017:2918", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2918" - }, - { - "name" : "RHSA-2017:2930", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2930" - }, - { - "name" : "RHSA-2017:2931", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2931" - }, - { - "name" : "97018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97018" - }, - { - "name" : "1038166", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.trendmicro.com/results-pwn2own-2017-day-one/", + "refsource": "MISC", + "url": "https://blog.trendmicro.com/results-pwn2own-2017-day-one/" + }, + { + "name": "RHSA-2017:2918", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2918" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a" + }, + { + "name": "RHSA-2017:2931", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2931" + }, + { + "name": "97018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97018" + }, + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "1038166", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038166" + }, + { + "name": 
"https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df" + }, + { + "name": "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition", + "refsource": "MISC", + "url": "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition" + }, + { + "name": "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a" + }, + { + "name": "https://twitter.com/thezdi/status/842126074435665920", + "refsource": "MISC", + "url": "https://twitter.com/thezdi/status/842126074435665920" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/03/29/2", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/03/29/2" + }, + { + "name": "RHSA-2017:2930", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2930" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7601.json b/2017/7xxx/CVE-2017-7601.json index 143fba3fa77..3e9b84ff2dd 100644 --- a/2017/7xxx/CVE-2017-7601.json +++ b/2017/7xxx/CVE-2017-7601.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7601", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes" - }, - { - "name" : "DSA-3844", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3844" - }, - { - "name" : "GLSA-201709-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-27" - }, - { - "name" : "USN-3602-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3602-1/" - }, - { - "name" : "97511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes" + }, + { + "name": "DSA-3844", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3844" + }, + { + "name": "97511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97511" + }, + { + "name": "GLSA-201709-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-27" + }, + { + "name": "USN-3602-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3602-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7731.json b/2017/7xxx/CVE-2017-7731.json index d7e04bea105..3dbfa105f7a 100644 --- a/2017/7xxx/CVE-2017-7731.json +++ b/2017/7xxx/CVE-2017-7731.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2017-7731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiPortal", - "version" : { - "version_data" : [ - { - "version_value" : "FortiPortal versions 4.0.0 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2017-7731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal versions 4.0.0 and below" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-17-114", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-17-114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-17-114", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-17-114" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7915.json b/2017/7xxx/CVE-2017-7915.json index f6fd5f638b4..bd2687ed078 100644 --- a/2017/7xxx/CVE-2017-7915.json +++ b/2017/7xxx/CVE-2017-7915.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa OnCell", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa OnCell" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-307" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa OnCell", + "version": { + "version_data": [ + { + "version_value": "Moxa OnCell" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-307" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8140.json b/2017/8xxx/CVE-2017-8140.json index 1a07926be0f..795a4e211e2 100644 --- a/2017/8xxx/CVE-2017-8140.json +++ b/2017/8xxx/CVE-2017-8140.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P9 Plus", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than VIE-AL10BC00B353" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Double Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P9 Plus", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than VIE-AL10BC00B353" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Double Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8423.json b/2017/8xxx/CVE-2017-8423.json index 0eb66a672c2..6e39ae6b3fd 100644 --- a/2017/8xxx/CVE-2017-8423.json +++ b/2017/8xxx/CVE-2017-8423.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-8423",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-8423",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8715.json b/2017/8xxx/CVE-2017-8715.json
index 282a575c7b0..086c67fa184 100644
--- a/2017/8xxx/CVE-2017-8715.json
+++ b/2017/8xxx/CVE-2017-8715.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-8715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Device Guard", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka \"Windows Security Feature Bypass\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-8715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Device Guard", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715" - }, - { - "name" : "101163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101163" - }, - { - "name" : "1039526", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1039526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka \"Windows Security Feature Bypass\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039526" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715" + }, + { + "name": "101163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101163" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8890.json b/2017/8xxx/CVE-2017-8890.json index ae5d433dde8..f6cd5ee4584 100644 --- a/2017/8xxx/CVE-2017-8890.json +++ b/2017/8xxx/CVE-2017-8890.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a" - }, - { - "name" : "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, 
- { - "name" : "DSA-3886", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3886" - }, - { - "name" : "RHSA-2017:2669", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2669" - }, - { - "name" : "RHSA-2017:1842", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1842" - }, - { - "name" : "RHSA-2017:2077", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2077" - }, - { - "name" : "RHSA-2018:1854", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1854" - }, - { - "name" : "98562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98562" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "RHSA-2017:2669", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2669" + }, + { + "name": "RHSA-2018:1854", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1854" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a" + }, + { + "name": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a" + }, + { + "name": "RHSA-2017:2077", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2077" + }, + { + "name": "DSA-3886", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3886" + }, + { + "name": "RHSA-2017:1842", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1842" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10813.json b/2018/10xxx/CVE-2018-10813.json index ab8c5014e4f..cc218c3f56f 100644 --- a/2018/10xxx/CVE-2018-10813.json +++ b/2018/10xxx/CVE-2018-10813.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10813", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10813", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/aprendecondedos/dedos-web/pull/1", - "refsource" : "MISC", - "url" : "https://github.com/aprendecondedos/dedos-web/pull/1" - }, - { - "name" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune", - "refsource" : "MISC", - "url" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Dedos-web 1.0, the 
cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune", + "refsource": "MISC", + "url": "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune" + }, + { + "name": "https://github.com/aprendecondedos/dedos-web/pull/1", + "refsource": "MISC", + "url": "https://github.com/aprendecondedos/dedos-web/pull/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10861.json b/2018/10xxx/CVE-2018-10861.json index b89fca5e582..3abf080e17c 100644 --- a/2018/10xxx/CVE-2018-10861.json +++ b/2018/10xxx/CVE-2018-10861.json 
@@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2018-07-09T00:00:00", - "ID" : "CVE-2018-10861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ceph", - "version" : { - "version_data" : [ - { - "version_value" : "all versions in branches master, mimic, luminous and jewel" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2018-07-09T00:00:00", + "ID": "CVE-2018-10861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ceph", + "version": { + "version_data": [ + { + "version_value": "all versions in branches master, mimic, luminous and jewel" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tracker.ceph.com/issues/24838", - "refsource" : "CONFIRM", - "url" : "http://tracker.ceph.com/issues/24838" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1593308", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1593308" - }, - { - "name" : "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc", - "refsource" : "CONFIRM", - "url" : "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc" - }, - { - "name" : "DSA-4339", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4339" - }, - { - "name" : "RHSA-2018:2177", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2177" - }, - { - "name" : "RHSA-2018:2179", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2179" - }, - { - "name" : "RHSA-2018:2261", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2261" - }, - { - "name" : "RHSA-2018:2274", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2274" - }, - { - "name" : "104742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2261", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2261" + }, + { + "name": "RHSA-2018:2177", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2177" + }, + { + "name": "RHSA-2018:2179", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2179" + }, + { + "name": "RHSA-2018:2274", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2274" + }, + { + "name": "104742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104742" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308" + }, + { + "name": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc", + "refsource": "CONFIRM", + "url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc" + }, + { + "name": "DSA-4339", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4339" + }, + { + "name": "http://tracker.ceph.com/issues/24838", + "refsource": "CONFIRM", + "url": "http://tracker.ceph.com/issues/24838" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12335.json b/2018/12xxx/CVE-2018-12335.json index 053a638b3ec..85f5232c34b 100644 --- a/2018/12xxx/CVE-2018-12335.json +++ b/2018/12xxx/CVE-2018-12335.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", - "refsource" : "MISC", - "url" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", + "refsource": "MISC", + "url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12831.json b/2018/12xxx/CVE-2018-12831.json index 815b6f0757b..473fc10dbfe 100644 --- a/2018/12xxx/CVE-2018-12831.json +++ b/2018/12xxx/CVE-2018-12831.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105441" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105441" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13226.json b/2018/13xxx/CVE-2018-13226.json index 0044674fd51..5923347649a 100644 --- a/2018/13xxx/CVE-2018-13226.json +++ b/2018/13xxx/CVE-2018-13226.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer 
overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13257.json b/2018/13xxx/CVE-2018-13257.json index 002f9dae36e..80314774a85 100644 --- a/2018/13xxx/CVE-2018-13257.json +++ b/2018/13xxx/CVE-2018-13257.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13301.json b/2018/13xxx/CVE-2018-13301.json index 6af9cc573db..cdfb41f3a05 100644 --- a/2018/13xxx/CVE-2018-13301.json +++ b/2018/13xxx/CVE-2018-13301.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b", - "refsource" : "MISC", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b" - }, - { - "name" : "104675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer 
dereference while converting a crafted AVI file to MPEG4, leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b", + "refsource": "MISC", + "url": "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b" + }, + { + "name": "104675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104675" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13397.json b/2018/13xxx/CVE-2018-13397.json index d94bb948c15..9298acb8b4d 100644 --- a/2018/13xxx/CVE-2018-13397.json +++ b/2018/13xxx/CVE-2018-13397.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-13397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sourcetree for Windows", - "version" : { - "version_data" : [ - { - "version_affected" : ">=", - "version_value" : "0.5.1.0" - }, - { - "version_affected" : "<", - "version_value" : "3.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Argument Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-13397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sourcetree for Windows", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "0.5.1.0" + }, + { + "version_affected": "<", + "version_value": "3.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/SRCTREEWIN-9077", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/SRCTREEWIN-9077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Argument Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/SRCTREEWIN-9077", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/SRCTREEWIN-9077" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13463.json b/2018/13xxx/CVE-2018-13463.json index a1fdc9183d4..428458a821a 100644 --- a/2018/13xxx/CVE-2018-13463.json +++ b/2018/13xxx/CVE-2018-13463.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13463",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13463",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
- },
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
+ },
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17525.json b/2018/17xxx/CVE-2018-17525.json
index 4546728becb..67e23b434e7 100644
--- a/2018/17xxx/CVE-2018-17525.json
+++ b/2018/17xxx/CVE-2018-17525.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17525",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17525",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9616.json b/2018/9xxx/CVE-2018-9616.json
index 5054ab6f483..a6ae07f16dc 100644
--- a/2018/9xxx/CVE-2018-9616.json
+++ b/2018/9xxx/CVE-2018-9616.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9616",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9616",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9937.json b/2018/9xxx/CVE-2018-9937.json
index 5844c2e6f0d..4d8323c029d 100644
--- a/2018/9xxx/CVE-2018-9937.json
+++ b/2018/9xxx/CVE-2018-9937.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-9937",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Foxit Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.0.0.29935"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-704-Incorrect Type Conversion or Cast"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-9937",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.0.0.29935"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-321",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-321"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-704-Incorrect Type Conversion or Cast"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-321",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-321"
+ }
+ ]
+ }
+}
\ No newline at end of file