From 05432b9e7646df8b750f1796bda54e361dab015d Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 23:27:53 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0269.json | 120 +++++------ 2002/0xxx/CVE-2002-0792.json | 170 ++++++++-------- 2002/1xxx/CVE-2002-1358.json | 160 +++++++-------- 2002/1xxx/CVE-2002-1367.json | 210 +++++++++---------- 2002/1xxx/CVE-2002-1455.json | 140 ++++++------- 2002/1xxx/CVE-2002-1862.json | 140 ++++++------- 2002/1xxx/CVE-2002-1945.json | 140 ++++++------- 2002/1xxx/CVE-2002-1981.json | 150 +++++++------- 2003/0xxx/CVE-2003-0714.json | 160 +++++++-------- 2003/0xxx/CVE-2003-0800.json | 34 ++-- 2003/0xxx/CVE-2003-0874.json | 160 +++++++-------- 2003/1xxx/CVE-2003-1331.json | 150 +++++++------- 2004/2xxx/CVE-2004-2284.json | 170 ++++++++-------- 2012/0xxx/CVE-2012-0345.json | 34 ++-- 2012/0xxx/CVE-2012-0757.json | 120 +++++------ 2012/1xxx/CVE-2012-1301.json | 140 ++++++------- 2012/1xxx/CVE-2012-1461.json | 220 ++++++++++---------- 2012/1xxx/CVE-2012-1834.json | 180 ++++++++--------- 2012/1xxx/CVE-2012-1959.json | 360 ++++++++++++++++----------------- 2012/4xxx/CVE-2012-4170.json | 140 ++++++------- 2012/4xxx/CVE-2012-4454.json | 240 +++++++++++----------- 2012/4xxx/CVE-2012-4757.json | 120 +++++------ 2012/4xxx/CVE-2012-4877.json | 170 ++++++++-------- 2012/5xxx/CVE-2012-5958.json | 280 ++++++++++++------------- 2012/5xxx/CVE-2012-5989.json | 34 ++-- 2017/2xxx/CVE-2017-2479.json | 190 ++++++++--------- 2017/3xxx/CVE-2017-3620.json | 132 ++++++------ 2017/3xxx/CVE-2017-3644.json | 152 +++++++------- 2017/3xxx/CVE-2017-3825.json | 140 ++++++------- 2017/6xxx/CVE-2017-6374.json | 34 ++-- 2017/6xxx/CVE-2017-6419.json | 170 ++++++++-------- 2017/6xxx/CVE-2017-6864.json | 150 +++++++------- 2017/6xxx/CVE-2017-6866.json | 130 ++++++------ 2017/6xxx/CVE-2017-6986.json | 130 ++++++------ 2017/7xxx/CVE-2017-7557.json | 132 ++++++------ 2017/7xxx/CVE-2017-7593.json | 160 +++++++-------- 2017/7xxx/CVE-2017-7765.json | 216 ++++++++++---------- 2017/8xxx/CVE-2017-8098.json | 130 ++++++------ 
2017/8xxx/CVE-2017-8484.json | 140 ++++++------- 2018/10xxx/CVE-2018-10101.json | 190 ++++++++--------- 2018/10xxx/CVE-2018-10123.json | 130 ++++++------ 2018/10xxx/CVE-2018-10219.json | 120 +++++------ 2018/10xxx/CVE-2018-10401.json | 34 ++-- 2018/13xxx/CVE-2018-13656.json | 130 ++++++------ 2018/14xxx/CVE-2018-14574.json | 170 ++++++++-------- 2018/17xxx/CVE-2018-17765.json | 34 ++-- 2018/17xxx/CVE-2018-17770.json | 34 ++-- 2018/17xxx/CVE-2018-17870.json | 120 +++++------ 2018/17xxx/CVE-2018-17983.json | 130 ++++++------ 2018/20xxx/CVE-2018-20356.json | 34 ++-- 2018/9xxx/CVE-2018-9841.json | 120 +++++------ 2018/9xxx/CVE-2018-9873.json | 34 ++-- 2018/9xxx/CVE-2018-9976.json | 130 ++++++------ 53 files changed, 3679 insertions(+), 3679 deletions(-) diff --git a/2002/0xxx/CVE-2002-0269.json b/2002/0xxx/CVE-2002-0269.json index 4ce0ed6adee..88abbcbe54a 100644 --- a/2002/0xxx/CVE-2002-0269.json +++ b/2002/0xxx/CVE-2002-0269.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101363764421623&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly 
through web applications that use a text/plain type to prevent cross-site scripting attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101363764421623&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0792.json b/2002/0xxx/CVE-2002-0792.json index 2dadc36aa65..e012f0afbb5 100644 --- a/2002/0xxx/CVE-2002-0792.json +++ b/2002/0xxx/CVE-2002-0792.json 
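Review bot: The rewritten file ends without a trailing newline: `\ No newline at end of file` follows the final `+}` in this hunk for CVE-2002-0269.json, and the same marker closes every other complete file hunk visible in this patch. The serializer should write a final `\n` after the closing `}`, so that line-oriented tools and later syncs do not flag the last line of each record as changed. Separately, later hunks such as CVE-2002-0792.json list the same `reference_data` entries in a different order. Combined with the re-indentation, this makes every line of each record show as changed, so an actual edit to an advisory URL or description would be hard to spot in review. Emitting references in a stable order would keep future sync diffs limited to real content changes.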
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020515 Content Service Switch Web Management HTTP Processing Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/css-http-post-pub.shtml" - }, - { - "name" : "VU#330275", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/330275" - }, - { - "name" : "VU#686939", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/686939" - }, - { - "name" : "4747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4747" - }, - { - "name" : "4748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4748" - }, - { - "name" : "cisco-css-http-dos(9083)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/9083.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#330275", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/330275" + }, + { + "name": "4747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4747" + }, + { + "name": "VU#686939", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/686939" + }, + { + "name": "4748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4748" + }, + { + "name": "20020515 Content Service Switch Web Management HTTP Processing Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/css-http-post-pub.shtml" + }, + { + "name": "cisco-css-http-dos(9083)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9083.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1358.json b/2002/1xxx/CVE-2002-1358.json index 4ac608a02df..f479f822827 100644 --- a/2002/1xxx/CVE-2002-1358.json +++ b/2002/1xxx/CVE-2002-1358.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html" - }, - { - "name" : "CA-2002-36", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-36.html" - }, - { - "name" : "oval:org.mitre.oval:def:5721", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721" - }, - { - "name" : "1005812", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005812" - }, - { - "name" : "1005813", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1005813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1005812", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005812" + }, + { + "name": "CA-2002-36", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-36.html" + }, + { + "name": "oval:org.mitre.oval:def:5721", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721" + }, + { + "name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html" + }, + { + "name": "1005813", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005813" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1367.json b/2002/1xxx/CVE-2002-1367.json index 3c3d0c29ea4..29871842c7f 100644 --- a/2002/1xxx/CVE-2002-1367.json +++ b/2002/1xxx/CVE-2002-1367.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a \"need authorization\" page, as demonstrated by new-coke." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104032149026670&w=2" - }, - { - "name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" - }, - { - "name" : "http://www.idefense.com/advisory/12.19.02.txt", - "refsource" : "MISC", - "url" : 
"http://www.idefense.com/advisory/12.19.02.txt" - }, - { - "name" : "CLSA-2003:702", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" - }, - { - "name" : "DSA-232", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-232" - }, - { - "name" : "MDKSA-2003:001", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" - }, - { - "name" : "RHSA-2002:295", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html" - }, - { - "name" : "SuSE-SA:2003:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html" - }, - { - "name" : "cups-udp-add-printers(10908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10908" - }, - { - "name" : "6436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a \"need authorization\" page, as demonstrated by new-coke." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" + }, + { + "name": "CLSA-2003:702", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" + }, + { + "name": "DSA-232", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-232" + }, + { + "name": "SuSE-SA:2003:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html" + }, + { + "name": "http://www.idefense.com/advisory/12.19.02.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/12.19.02.txt" + }, + { + "name": "RHSA-2002:295", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html" + }, + { + "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2" + }, + { + "name": "MDKSA-2003:001", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" + }, + { + "name": "6436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6436" + }, + { + "name": "cups-udp-add-printers(10908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10908" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1455.json b/2002/1xxx/CVE-2002-1455.json index ca36463be84..05754b8392c 100644 --- a/2002/1xxx/CVE-2002-1455.json +++ b/2002/1xxx/CVE-2002-1455.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html" - }, - { - "name" : "20020825 OmniHTTPd test.php Cross-Site Scripting Issue", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html" - }, - { - "name" : "20020825 More OmniHTTPd Problems", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow 
remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020825 OmniHTTPd test.php Cross-Site Scripting Issue", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html" + }, + { + "name": "20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html" + }, + { + "name": "20020825 More OmniHTTPd Problems", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1862.json b/2002/1xxx/CVE-2002-1862.json index c28f6dbe4a1..f9d69f7d758 100644 --- a/2002/1xxx/CVE-2002-1862.json +++ b/2002/1xxx/CVE-2002-1862.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021031 SmartMail server DOS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html" - }, - { - "name" : "6074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6074" - }, - { - "name" : "smartmail-terminate-connection-dos(10533)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10533.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "smartmail-terminate-connection-dos(10533)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10533.php" + }, + { + "name": "20021031 SmartMail server DOS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html" + }, + { + "name": "6074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6074" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1945.json b/2002/1xxx/CVE-2002-1945.json index 098da9fcacc..dada2a26865 100644 --- a/2002/1xxx/CVE-2002-1945.json +++ b/2002/1xxx/CVE-2002-1945.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021031 SmartMail server DOS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html" - }, - { - "name" : "6075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6075" - }, - { - "name" : "smartmail-server-ports-dos(10512)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10512.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6075" + }, + { + "name": "smartmail-server-ports-dos(10512)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10512.php" + }, + { + "name": "20021031 SmartMail server DOS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1981.json b/2002/1xxx/CVE-2002-1981.json index bde51c72fcb..af0da7e83e1 100644 --- a/2002/1xxx/CVE-2002-1981.json +++ b/2002/1xxx/CVE-2002-1981.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the \"public\" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/lists/bugtraq/2002/Sep/0009.html" - }, - { - "name" : "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt" - }, - { - "name" : "5604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5604" - }, - { - "name" : "mssql-sp-public-access(10012)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10012.php" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the \"public\" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5604" + }, + { + "name": "mssql-sp-public-access(10012)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10012.php" + }, + { + "name": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt" + }, + { + "name": "20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/lists/bugtraq/2002/Sep/0009.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0714.json b/2003/0xxx/CVE-2003-0714.json index d8db7bed186..02602c6a93b 100644 --- a/2003/0xxx/CVE-2003-0714.json +++ b/2003/0xxx/CVE-2003-0714.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-046", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046" - }, - { - "name" : "20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106682909006586&w=2" - }, - { - "name" : "CA-2003-27", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-27.html" - }, - { - "name" : "VU#422156", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/422156" - }, - { - "name" : "8838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8838" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2003-27", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-27.html" + }, + { + "name": "20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106682909006586&w=2" + }, + { + "name": "VU#422156", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/422156" + }, + { + "name": "MS03-046", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046" + }, + { + "name": "8838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8838" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0800.json b/2003/0xxx/CVE-2003-0800.json index 8d6bc7eecf0..4bbe217b2b9 100644 --- a/2003/0xxx/CVE-2003-0800.json +++ b/2003/0xxx/CVE-2003-0800.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0800",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2003-0800",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0874.json b/2003/0xxx/CVE-2003-0874.json
index 729df645793..fbbec0c89e7 100644
--- a/2003/0xxx/CVE-2003-0874.json
+++ b/2003/0xxx/CVE-2003-0874.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106667525623311&w=2" - }, - { - "name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html" - }, - { - "name" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html" - }, - { - "name" : "8856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8856" - }, - { 
- "name" : "deskpro-multiple-sql-injection(13391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "deskpro-multiple-sql-injection(13391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13391" + }, + { + "name": "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106667525623311&w=2" + }, + { + "name": "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html" + }, + { + "name": "8856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8856" + }, + { + "name": "http://www.securiteam.com/unixfocus/6R0052K8KM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/6R0052K8KM.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1331.json b/2003/1xxx/CVE-2003-1331.json index 55cd62d4405..7428fb08653 100644 --- a/2003/1xxx/CVE-2003-1331.json +++ b/2003/1xxx/CVE-2003-1331.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html" - }, - { - "name" : "http://bugs.mysql.com/bug.php?id=564", - "refsource" : "CONFIRM", - "url" : "http://bugs.mysql.com/bug.php?id=564" - }, - { - "name" : "7887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7887" - }, - { - "name" : "mysql-mysqlrealconnect-bo(12337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mysql-mysqlrealconnect-bo(12337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12337" + }, + { + "name": "7887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7887" + }, + { + "name": "20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=564", + "refsource": "CONFIRM", + "url": "http://bugs.mysql.com/bug.php?id=564" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2284.json b/2004/2xxx/CVE-2004-2284.json index 3a5bfbe4063..468db222f8c 100644 --- a/2004/2xxx/CVE-2004-2284.json +++ b/2004/2xxx/CVE-2004-2284.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt", - "refsource" : "CONFIRM", - "url" : "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt" - }, - { - "name" : "10637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10637" - }, - { - "name" : "7474", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7474" - }, - { - "name" : "1010605", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010605" - }, - { - "name" : "12017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12017" - }, - { - "name" : "open-webmail-vacation-program-execution(16549)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/16549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "open-webmail-vacation-program-execution(16549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549" + }, + { + "name": "1010605", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010605" + }, + { + "name": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt", + "refsource": "CONFIRM", + "url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt" + }, + { + "name": "10637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10637" + }, + { + "name": "12017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12017" + }, + { + "name": "7474", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7474" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0345.json b/2012/0xxx/CVE-2012-0345.json index 55e92715917..e60a506c11e 100644 --- a/2012/0xxx/CVE-2012-0345.json +++ b/2012/0xxx/CVE-2012-0345.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0345",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-0345",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0757.json b/2012/0xxx/CVE-2012-0757.json
index 3d5aa8895bb..0a4e4f47a63 100644
--- a/2012/0xxx/CVE-2012-0757.json
+++ b/2012/0xxx/CVE-2012-0757.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, 
CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1301.json b/2012/1xxx/CVE-2012-1301.json index 49f2eb5945b..9f22d02110f 100644 --- a/2012/1xxx/CVE-2012-1301.json +++ b/2012/1xxx/CVE-2012-1301.json 
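Review bot: The `ASSIGNER` value for CVE-2012-0757 changes from `cve@mitre.org` to `psirt@adobe.com` in this hunk, and it is the only change of substance here; the remaining lines appear to differ only in the spacing around the colons (`"ID" : …` becomes `"ID": …`). The commit subject, "-Synchronized-Data.", gives no hint of an attribution change, so it is easy to overlook among the formatting churn. Any consumer that filters or routes records by assigning CNA would see this record move without an explanation in the history. I would land the formatting normalisation separately from the `"ASSIGNER": "psirt@adobe.com"` change, or at least name the record and the new assigner in the commit description.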
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the \"url\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120405 [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522218" - }, - { - "name" : "https://www.trustmatta.com/advisories/MATTA-2012-001.txt", - "refsource" : "MISC", - "url" : "https://www.trustmatta.com/advisories/MATTA-2012-001.txt" - }, - { - "name" : "52912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the \"url\" parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120405 [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522218" + }, + { + "name": "52912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52912" + }, + { + "name": "https://www.trustmatta.com/advisories/MATTA-2012-001.txt", + "refsource": "MISC", + "url": "https://www.trustmatta.com/advisories/MATTA-2012-001.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1461.json b/2012/1xxx/CVE-2012-1461.json index 2282a50e2de..9012920a04c 100644 --- a/2012/1xxx/CVE-2012-1461.json +++ b/2012/1xxx/CVE-2012-1461.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52626" - }, - { - "name" : "80500", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80500" - }, - { - "name" : "80501", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80501" - }, - { - "name" : "80502", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80502" - }, - { - "name" : "80503", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80503" - }, - { - "name" : "80504", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80504" - }, - { - "name" : "80505", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80505" - }, - { - "name" : "80506", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80506" - }, - { - "name" : "80510", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure 
Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80502", + "refsource": "OSVDB", + "url": "http://osvdb.org/80502" + }, + { + "name": "52626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52626" + }, + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "80504", + "refsource": "OSVDB", + "url": "http://osvdb.org/80504" + }, + { + "name": "80506", + "refsource": "OSVDB", + "url": "http://osvdb.org/80506" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "80500", + "refsource": "OSVDB", + "url": "http://osvdb.org/80500" + }, + { + "name": "80505", + "refsource": "OSVDB", + "url": "http://osvdb.org/80505" + }, + { + "name": "80501", + "refsource": "OSVDB", + "url": "http://osvdb.org/80501" + }, + { + "name": "80503", + 
"refsource": "OSVDB", + "url": "http://osvdb.org/80503" + }, + { + "name": "80510", + "refsource": "OSVDB", + "url": "http://osvdb.org/80510" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1834.json b/2012/1xxx/CVE-2012-1834.json index e391fcc7cfe..6867beba092 100644 --- a/2012/1xxx/CVE-2012-1834.json +++ b/2012/1xxx/CVE-2012-1834.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23083", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23083" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view" - }, - { - "name" : "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/" - }, - { - "name" : "52708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52708" - }, - { - "name" : 
"80573", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80573" - }, - { - "name" : "48510", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48510" - }, - { - "name" : "wordpress-cmstree-edit-xss(74337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48510", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48510" + }, + { + "name": "80573", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80573" + }, + { + "name": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23083", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23083" + }, + { + "name": "wordpress-cmstree-edit-xss(74337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337" + }, + { + "name": "52708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52708" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/1xxx/CVE-2012-1959.json b/2012/1xxx/CVE-2012-1959.json
index 84ab86a8458..4c87fbc42a0 100644
--- a/2012/1xxx/CVE-2012-1959.json
+++ b/2012/1xxx/CVE-2012-1959.json
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=737559", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=737559" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=754044", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=754044" - }, - { - "name" : "RHSA-2012:1088", - "refsource" 
: "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1088.html" - }, - { - "name" : "openSUSE-SU-2012:0899", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" - }, - { - "name" : "openSUSE-SU-2012:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0895", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" - }, - { - "name" : "SUSE-SU-2012:0896", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" - }, - { - "name" : "USN-1509-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-1" - }, - { - "name" : "USN-1509-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-2" - }, - { - "name" : "USN-1510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1510-1" - }, - { - "name" : "54576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54576" - }, - { - "name" : "84002", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84002" - }, - { - "name" : "oval:org.mitre.oval:def:16920", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16920" - }, - { - "name" : "1027256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027256" - }, - { - "name" : "1027257", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027257" - }, - { - "name" : "1027258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027258" - }, - { - "name" : "49965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49965" - }, - { - "name" : "49972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49972" - }, - { - "name" : "49992", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/49992" - }, - { - "name" : "49968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49968" - }, - { - "name" : "49977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49977" - }, - { - "name" : "49979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49979" - }, - { - "name" : "49993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49993" - }, - { - "name" : "49994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49977" + }, + { + "name": "49992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49992" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=754044", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=754044" + }, + { + "name": "1027256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027256" + }, + { + "name": "RHSA-2012:1088", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html" + }, + { + "name": "84002", + "refsource": "OSVDB", + "url": "http://osvdb.org/84002" + }, + { + "name": "USN-1509-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-2" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=737559", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=737559" + }, + { + "name": "1027258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027258" + }, + { + "name": "49979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49979" + }, + { + "name": "SUSE-SU-2012:0895", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" + }, + { + "name": "USN-1510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1510-1" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html" + }, + { + "name": "oval:org.mitre.oval:def:16920", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16920" + }, + { + "name": "49965", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/49965" + }, + { + "name": "1027257", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027257" + }, + { + "name": "openSUSE-SU-2012:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" + }, + { + "name": "54576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54576" + }, + { + "name": "SUSE-SU-2012:0896", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" + }, + { + "name": "49994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49994" + }, + { + "name": "openSUSE-SU-2012:0899", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" + }, + { + "name": "49968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49968" + }, + { + "name": "USN-1509-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-1" + }, + { + "name": "49993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49993" + }, + { + "name": "49972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49972" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4170.json b/2012/4xxx/CVE-2012-4170.json index a7e6deb2eff..a2b663b86e8 100644 --- a/2012/4xxx/CVE-2012-4170.json +++ b/2012/4xxx/CVE-2012-4170.json 
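Review bot: In 2012/1xxx/CVE-2012-1959.json the `reference_data` array holds the same 25 entries on both sides, but the new side lists them in a different order with no visible sort key. Combined with the `"key" :` to `"key":` spacing change, this makes nearly all 182 lines of the file show as changed. A reader of the diff cannot tell whether a reference was added, dropped or altered without comparing the entries by hand. The writer should emit references in a stable order, for example sorted by `refsource` and then `name`, and keep the final newline that this hunk drops (`\ No newline at end of file`). The hunks for CVE-2012-4170, CVE-2012-4454, CVE-2012-4877 and CVE-2012-5958 reorder their references in the same way.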
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-4170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-20.html" - }, - { - "name" : "55333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55333" - }, - { - "name" : "1027477", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55333" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-20.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-20.html" + }, + { + "name": "1027477", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027477" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4454.json b/2012/4xxx/CVE-2012-4454.json index 8e58fdfb48d..84ee48634fb 100644 --- a/2012/4xxx/CVE-2012-4454.json +++ b/2012/4xxx/CVE-2012-4454.json 
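Review bot: The new side of 2012/4xxx/CVE-2012-4170.json sets `"ASSIGNER": "psirt@adobe.com"` where the old side had `cve@mitre.org`, and the subject line `"-Synchronized-Data."` does not record that the assigner changed. As far as the hunk shows, this is the only value in the record that differs; the rest is spacing, indentation and reference order, so the change is easy to miss. Consumers that group or filter records by `ASSIGNER` will see the record move, so the commit message should list the affected IDs with their old and new values. The hunks for CVE-2012-4454 (`secalert@redhat.com`) and CVE-2012-5958 (`cert@cert.org`) make the same kind of change.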
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Opencryptoki-tech] 20120223 opencryptoki version 2.4.1 released", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_id=28878345" - }, - { - "name" : "[oss-security] 20120906 CVE request: opencryptoki insecure lock files handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/07/2" - }, - { - "name" : "[oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/07/6" - }, - { - "name" : "[oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2012/09/09/2" - }, - { - "name" : "[oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/20/6" - }, - { - "name" : "[oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/25/5" - }, - { - "name" : "[oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/27/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=730636", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=730636" - }, - { - "name" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9", - "refsource" : "CONFIRM", - "url" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9" - }, - { - "name" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30", - "refsource" : "CONFIRM", - "url" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30" - }, - { - "name" : "55627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55627" - }, - { - "name" : "50702", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50702" - }, - { - "name" : "opencryptoki-mutliple-symlink(78797)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78797" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/09/2" + }, + { + "name": "[oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/25/5" + }, + { + "name": "50702", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50702" + }, + { + "name": "55627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55627" + }, + { + "name": "[oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/27/2" + }, + { + "name": "[Opencryptoki-tech] 20120223 opencryptoki version 2.4.1 released", + "refsource": "MLIST", + "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28878345" + }, + { + "name": "[oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/20/6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730636", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730636" + }, + { + "name": "opencryptoki-mutliple-symlink(78797)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78797" + }, + { + "name": "[oss-security] 20120906 CVE request: opencryptoki insecure lock files handling", + 
"refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/2" + }, + { + "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30", + "refsource": "CONFIRM", + "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30" + }, + { + "name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9", + "refsource": "CONFIRM", + "url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9" + }, + { + "name": "[oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/07/6" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4757.json b/2012/4xxx/CVE-2012-4757.json index ecec83e67df..50ba3e82da3 100644 --- a/2012/4xxx/CVE-2012-4757.json +++ b/2012/4xxx/CVE-2012-4757.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta or .stp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "49290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta 
or .stp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49290" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4877.json b/2012/4xxx/CVE-2012-4877.json index 550d5d5a950..eb7c59c2ce1 100644 --- a/2012/4xxx/CVE-2012-4877.json +++ b/2012/4xxx/CVE-2012-4877.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=487", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=487" - }, - { - "name" : "52846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52846" - }, - { - "name" : "80878", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80878" - }, - { - "name" : "48656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48656" 
- }, - { - "name" : "flatnux-controlcenter-csrf(74567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html" + }, + { + "name": "80878", + "refsource": "OSVDB", + "url": "http://osvdb.org/80878" + }, + { + "name": "flatnux-controlcenter-csrf(74567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74567" + }, + { + "name": "48656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48656" + }, + { + "name": "52846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52846" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=487", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=487" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5958.json b/2012/5xxx/CVE-2012-5958.json index adb6347568d..cf946b3fae0 100644 --- a/2012/5xxx/CVE-2012-5958.json +++ b/2012/5xxx/CVE-2012-5958.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-5958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" - }, - { - "name" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" - }, - { - "name" : 
"https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2017-10", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-10" - }, - { - "name" : "http://pupnp.sourceforge.net/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://pupnp.sourceforge.net/ChangeLog" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf" - }, - { - "name" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", - "refsource" : "CONFIRM", - "url" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037" - }, - { - "name" : "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp" - }, - { - "name" : "DSA-2614", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2013/dsa-2614" - }, - { - "name" : "DSA-2615", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2615" - }, - { - "name" : "MDVSA-2013:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098" - }, - { - "name" : "openSUSE-SU-2013:0255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html" - }, - { - "name" : "VU#922681", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/922681" - }, - { - "name" : "57602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp" + }, + { + "name": "MDVSA-2013:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", + "refsource": "CONFIRM", + "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf" + }, + { + "name": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", + "refsource": "MISC", + "url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", + "refsource": "CONFIRM", + "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf" + }, + { + "name": "DSA-2615", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2615" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", + "refsource": "CONFIRM", + "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf" + }, + { + "name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", + "refsource": "CONFIRM", + "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf" + }, + { + "name": "DSA-2614", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2614" + }, + { + "name": "57602", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/57602" + }, + { + "name": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", + "refsource": "MISC", + "url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" + }, + { + "name": "http://pupnp.sourceforge.net/ChangeLog", + "refsource": "CONFIRM", + "url": "http://pupnp.sourceforge.net/ChangeLog" + }, + { + "name": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" + }, + { + "name": "VU#922681", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/922681" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-10", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-10" + }, + { + "name": "openSUSE-SU-2013:0255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5989.json b/2012/5xxx/CVE-2012-5989.json index 28ac065ba8b..85857a373fe 100644 --- a/2012/5xxx/CVE-2012-5989.json +++ b/2012/5xxx/CVE-2012-5989.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2479.json b/2017/2xxx/CVE-2017-2479.json index 6a08f6837d5..461c563c433 100644 --- a/2017/2xxx/CVE-2017-2479.json +++ b/2017/2xxx/CVE-2017-2479.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41866", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41866/" - }, - { - "name" : "https://support.apple.com/HT207599", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207599" - }, - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : 
"https://support.apple.com/HT207607", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207607" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97176" - }, - { - "name" : "1038157", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97176" + }, + { + "name": "1038157", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038157" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "41866", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41866/" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207607", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207607" + }, + { + "name": "https://support.apple.com/HT207599", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207599" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3620.json b/2017/3xxx/CVE-2017-3620.json index da3dc58a527..d89277a0f54 100644 --- a/2017/3xxx/CVE-2017-3620.json +++ b/2017/3xxx/CVE-2017-3620.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Automatic Service Request (ASR)", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.7" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR)." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Automatic Service Request (ASR)", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.7" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR)." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97811" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3644.json b/2017/3xxx/CVE-2017-3644.json index 46eb6b1d623..ec2bee744ff 100644 --- a/2017/3xxx/CVE-2017-3644.json +++ b/2017/3xxx/CVE-2017-3644.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "99775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99775" - }, - { - "name" : "1038928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99775" + }, + { + "name": "1038928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038928" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3825.json b/2017/3xxx/CVE-2017-3825.json index 93b4e3b840a..09e59962c1c 100644 --- a/2017/3xxx/CVE-2017-3825.json +++ b/2017/3xxx/CVE-2017-3825.json 
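Review bot: In the `version_data` entry of CVE-2017-3644.json the new side still pairs `"version_affected": "="` with `"version_value": "5.7.18 and earlier"`, so the operator says exact match while the value describes a range. A consumer that compares versions mechanically will either fail to parse the value or match only the literal string, and can miss affected 5.7.x installations. Since this sync rewrites every line of the record anyway, the entry could be written as `"version_affected": "<="` with `"version_value": "5.7.18"`, which agrees with the description text.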
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco TelePresence", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco TelePresence" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco TelePresence", + "version": { + "version_data": [ + { + "version_value": "Cisco TelePresence" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp" - }, - { - "name" : "98293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98293" - }, - { - "name" : "1038392", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. 
This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98293" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp" + }, + { + "name": "1038392", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038392" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6374.json b/2017/6xxx/CVE-2017-6374.json index 2fdad3aa978..dabc8db1c84 100644 --- a/2017/6xxx/CVE-2017-6374.json +++ b/2017/6xxx/CVE-2017-6374.json 
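Review bot: The `affects` block of CVE-2017-3825.json keeps `"vendor_name": "n/a"` and repeats the product name in `"version_value": "Cisco TelePresence"`, although the description names the vendor and lists the affected CE software releases. Tooling that matches on the structured vendor and version fields gets nothing usable here and has to fall back to parsing the free-text description. The same pattern appears in the CVE-2017-6864.json and CVE-2017-6866.json hunks, where `version_value` repeats `product_name` and the vendor appears only in the description. The fix is in the data: set `vendor_name` to the vendor named in the description and give each affected release its own `version_data` entry.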
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6419.json b/2017/6xxx/CVE-2017-6419.json index b6a57c65650..44f640c8992 100644 --- a/2017/6xxx/CVE-2017-6419.json +++ b/2017/6xxx/CVE-2017-6419.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180212 [SECURITY] [DLA 1279-1] clamav security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html" - }, - { - "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11701", - "refsource" : "MISC", - "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11701" - }, - { - "name" : "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md", - "refsource" : "MISC", - "url" : "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md" - }, - { - "name" : 
"https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1", - "refsource" : "MISC", - "url" : "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1" - }, - { - "name" : "DSA-3946", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3946" - }, - { - "name" : "GLSA-201804-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1279-1] clamav security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html" + }, + { + "name": "DSA-3946", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3946" + }, + { + "name": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md", + "refsource": "MISC", + "url": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md" + }, + { + "name": "https://bugzilla.clamav.net/show_bug.cgi?id=11701", + "refsource": "MISC", + "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11701" + }, + { + "name": "GLSA-201804-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-16" + }, + { + "name": "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1", + "refsource": 
"MISC", + "url": "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6864.json b/2017/6xxx/CVE-2017-6864.json index b76337a389d..348cabb06f0 100644 --- a/2017/6xxx/CVE-2017-6864.json +++ b/2017/6xxx/CVE-2017-6864.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2017-6864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RUGGEDCOM ROX I All versions", - "version" : { - "version_data" : [ - { - "version_value" : "RUGGEDCOM ROX I All versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2017-6864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM ROX I All versions", + "version": { + "version_data": [ + { + "version_value": "RUGGEDCOM ROX I All versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01" - }, - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf" - }, - { - "name" : "97170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97170" - }, - { - "name" : "1038160", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97170" + }, + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf" + }, + { + "name": "1038160", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038160" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6866.json b/2017/6xxx/CVE-2017-6866.json index 626fbb3501a..2551c7366a5 100644 --- a/2017/6xxx/CVE-2017-6866.json +++ b/2017/6xxx/CVE-2017-6866.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2017-6866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)", - "version" : { - "version_data" : [ - { - "version_value" : "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284: Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2017-6866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)", + "version": { + "version_data": [ + { + "version_value": "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf" - }, - { - "name" : "99247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99247" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99247" + }, + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6986.json b/2017/6xxx/CVE-2017-6986.json index 001a4ee8387..0a5c4f7cade 100644 --- a/2017/6xxx/CVE-2017-6986.json +++ b/2017/6xxx/CVE-2017-6986.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"iBooks\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"iBooks\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7557.json b/2017/7xxx/CVE-2017-7557.json index 96a78a8afde..07fa77247c3 100644 --- a/2017/7xxx/CVE-2017-7557.json +++ b/2017/7xxx/CVE-2017-7557.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-08-21T00:00:00", - "ID" : "CVE-2017-7557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "dnsdist", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-08-21T00:00:00", + "ID": "CVE-2017-7557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "dnsdist", + "version": { + "version_data": [ + { + "version_value": "1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html", - "refsource" : "MISC", - "url" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html" - }, - { - "name" : "100508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html", + "refsource": "MISC", + "url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html" + }, + { + "name": "100508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100508" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7593.json b/2017/7xxx/CVE-2017-7593.json index 5281d03a28e..dc9848bf48a 100644 --- a/2017/7xxx/CVE-2017-7593.json +++ b/2017/7xxx/CVE-2017-7593.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2651", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2651" - }, - { - "name" : "DSA-3844", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3844" - }, - { - "name" : "GLSA-201709-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-27" - }, - { - "name" : "USN-3602-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3602-1/" - }, - { - "name" : "97502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3844", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3844" + }, + { + "name": "GLSA-201709-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-27" + }, + { + "name": "USN-3602-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3602-1/" + }, + { + "name": "97502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97502" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2651", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2651" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7765.json b/2017/7xxx/CVE-2017-7765.json index 7e402269c7c..80208be959f 100644 --- a/2017/7xxx/CVE-2017-7765.json +++ b/2017/7xxx/CVE-2017-7765.json 
@@ -1,110 +1,110 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Mark of the Web bypass when saving executable files" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/" - }, - { - "name" : "99057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99057" - }, - { - "name" : "1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Mark of the 
Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Mark of the Web bypass when saving executable files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99057" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8098.json b/2017/8xxx/CVE-2017-8098.json index e41a85cc761..8052ff97f69 100644 --- a/2017/8xxx/CVE-2017-8098.json +++ b/2017/8xxx/CVE-2017-8098.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Apr/40", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Apr/40" - }, - { - "name" : "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5", - "refsource" : "MISC", - "url" : "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. 
A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5", + "refsource": "MISC", + "url": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Apr/40", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/40" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8484.json b/2017/8xxx/CVE-2017-8484.json index a22f022e001..33dd7937cdf 100644 --- a/2017/8xxx/CVE-2017-8484.json +++ b/2017/8xxx/CVE-2017-8484.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8484", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8484", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42210", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42210/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484" - }, - { - "name" : "98847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98847" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484" + }, + { + "name": "42210", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42210/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10101.json b/2018/10xxx/CVE-2018-10101.json index 0d1dae2b4dd..f93c8fa633b 100644 --- a/2018/10xxx/CVE-2018-10101.json +++ b/2018/10xxx/CVE-2018-10101.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wpvulndb.com/vulnerabilities/9053", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9053" - }, - { - "name" : "https://codex.wordpress.org/Version_4.9.5", - "refsource" : "CONFIRM", - "url" : "https://codex.wordpress.org/Version_4.9.5" - }, - { - "name" : "https://core.trac.wordpress.org/changeset/42894", - "refsource" : "CONFIRM", - "url" : "https://core.trac.wordpress.org/changeset/42894" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216", - "refsource" : "CONFIRM", - "url" : "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216" - }, - { - "name" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", - "refsource" : "CONFIRM", 
- "url" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" - }, - { - "name" : "DSA-4193", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4193" - }, - { - "name" : "104350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104350" - }, - { - "name" : "1040836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9053", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9053" + }, + { + "name": "104350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104350" + }, + { + "name": "1040836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040836" + }, + { + "name": "DSA-4193", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4193" + }, + { + "name": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" + }, + { + "name": "https://core.trac.wordpress.org/changeset/42894", + "refsource": "CONFIRM", + "url": "https://core.trac.wordpress.org/changeset/42894" + }, + { + "name": "https://codex.wordpress.org/Version_4.9.5", + "refsource": "CONFIRM", + "url": "https://codex.wordpress.org/Version_4.9.5" + }, + { + "name": 
"https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216", + "refsource": "CONFIRM", + "url": "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10123.json b/2018/10xxx/CVE-2018-10123.json index 19b2985c9de..0b6906c7082 100644 --- a/2018/10xxx/CVE-2018-10123.json +++ b/2018/10xxx/CVE-2018-10123.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44635", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44635/" - }, - { - "name" : "https://neonsea.uk/blog/2018/04/15/pwn910nd.html", - "refsource" : "MISC", - "url" : "https://neonsea.uk/blog/2018/04/15/pwn910nd.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://neonsea.uk/blog/2018/04/15/pwn910nd.html", + "refsource": "MISC", + "url": "https://neonsea.uk/blog/2018/04/15/pwn910nd.html" + }, + { + "name": "44635", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44635/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10219.json b/2018/10xxx/CVE-2018-10219.json index e29f1faf81f..eeff95aca72 100644 --- a/2018/10xxx/CVE-2018-10219.json +++ b/2018/10xxx/CVE-2018-10219.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug", - "refsource" : "MISC", - "url" : "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug", + "refsource": "MISC", + "url": "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10401.json b/2018/10xxx/CVE-2018-10401.json index 57801b232ee..1d0bf7bd101 100644 --- a/2018/10xxx/CVE-2018-10401.json +++ b/2018/10xxx/CVE-2018-10401.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13656.json b/2018/13xxx/CVE-2018-13656.json index f56bbdb0c32..9073d6f0b35 100644 --- a/2018/13xxx/CVE-2018-13656.json +++ b/2018/13xxx/CVE-2018-13656.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract 
implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14574.json b/2018/14xxx/CVE-2018-14574.json index 2e0d83b5702..aaa5663f2b7 100644 --- a/2018/14xxx/CVE-2018-14574.json +++ b/2018/14xxx/CVE-2018-14574.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/" - }, - { - "name" : "DSA-4264", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4264" - }, - { - "name" : "RHSA-2019:0265", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0265" - }, - { - "name" : "USN-3726-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3726-1/" - }, - { - "name" : "104970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104970" - }, - { - "name" : "1041403", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/" + }, + { + "name": "USN-3726-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3726-1/" + }, + { + "name": "DSA-4264", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4264" + }, + { + "name": "1041403", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041403" + }, + { + "name": "RHSA-2019:0265", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0265" + }, + { + "name": "104970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104970" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17765.json b/2018/17xxx/CVE-2018-17765.json index a695266b088..856e1d55f4a 100644 --- a/2018/17xxx/CVE-2018-17765.json +++ b/2018/17xxx/CVE-2018-17765.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17765", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17765", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17770.json b/2018/17xxx/CVE-2018-17770.json index 23b17a1596d..467e2179254 100644 --- a/2018/17xxx/CVE-2018-17770.json +++ b/2018/17xxx/CVE-2018-17770.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17770", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17770", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17870.json b/2018/17xxx/CVE-2018-17870.json index 66d0947eeac..6c3e4dfb981 100644 --- a/2018/17xxx/CVE-2018-17870.json +++ b/2018/17xxx/CVE-2018-17870.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in BTITeam XBTIT 2.5.4. The \"returnto\" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/btiteam/xbtit/pull/59", - "refsource" : "MISC", - "url" : "https://github.com/btiteam/xbtit/pull/59" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in BTITeam XBTIT 2.5.4. The \"returnto\" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/btiteam/xbtit/pull/59", + "refsource": "MISC", + "url": "https://github.com/btiteam/xbtit/pull/59" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17983.json b/2018/17xxx/CVE-2018-17983.json index cc7428b164e..56ecdd49cfb 100644 --- a/2018/17xxx/CVE-2018-17983.json +++ b/2018/17xxx/CVE-2018-17983.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901", - "refsource" : "MISC", - "url" : "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901" - }, - { - "name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29", - "refsource" : "MISC", - "url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901", + "refsource": "MISC", + "url": "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901" + }, + { + "name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29", + "refsource": "MISC", + "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20356.json b/2018/20xxx/CVE-2018-20356.json index f558ce23743..04e23f5676b 100644 --- a/2018/20xxx/CVE-2018-20356.json +++ b/2018/20xxx/CVE-2018-20356.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20356", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20356", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9841.json b/2018/9xxx/CVE-2018-9841.json index 509c838c498..652e9c0dc90 100644 --- a/2018/9xxx/CVE-2018-9841.json 
+++ b/2018/9xxx/CVE-2018-9841.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758", - "refsource" : "MISC", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758", + "refsource": "MISC", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9873.json b/2018/9xxx/CVE-2018-9873.json index 148065fcad1..a20bb34e111 100644 --- a/2018/9xxx/CVE-2018-9873.json +++ b/2018/9xxx/CVE-2018-9873.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9873", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9873", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9976.json b/2018/9xxx/CVE-2018-9976.json index f4c264b529a..a433a7f3d3a 100644 --- a/2018/9xxx/CVE-2018-9976.json +++ b/2018/9xxx/CVE-2018-9976.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-374", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-374" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-374", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-374" + } + ] + } +} \ No newline at end of file