From 061f5895ce7f0aaec894a54d6724a140efd8f716 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:19:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/1xxx/CVE-2002-1009.json | 140 +++++----- 2002/1xxx/CVE-2002-1317.json | 240 +++++++++--------- 2002/1xxx/CVE-2002-1937.json | 140 +++++----- 2002/1xxx/CVE-2002-1943.json | 140 +++++----- 2003/0xxx/CVE-2003-0152.json | 130 +++++----- 2003/0xxx/CVE-2003-0456.json | 160 ++++++------ 2003/0xxx/CVE-2003-0567.json | 170 ++++++------- 2003/0xxx/CVE-2003-0747.json | 140 +++++----- 2003/1xxx/CVE-2003-1099.json | 180 ++++++------- 2003/1xxx/CVE-2003-1124.json | 160 ++++++------ 2004/0xxx/CVE-2004-0175.json | 320 +++++++++++------------ 2004/2xxx/CVE-2004-2241.json | 160 ++++++------ 2004/2xxx/CVE-2004-2429.json | 200 +++++++-------- 2004/2xxx/CVE-2004-2642.json | 180 ++++++------- 2008/2xxx/CVE-2008-2355.json | 160 ++++++------ 2008/2xxx/CVE-2008-2426.json | 300 +++++++++++----------- 2008/2xxx/CVE-2008-2773.json | 150 +++++------ 2012/0xxx/CVE-2012-0125.json | 170 ++++++------- 2012/0xxx/CVE-2012-0204.json | 130 +++++----- 2012/0xxx/CVE-2012-0499.json | 450 ++++++++++++++++----------------- 2012/1xxx/CVE-2012-1052.json | 150 +++++------ 2012/1xxx/CVE-2012-1147.json | 200 +++++++-------- 2012/1xxx/CVE-2012-1482.json | 150 +++++------ 2012/1xxx/CVE-2012-1557.json | 220 ++++++++-------- 2012/1xxx/CVE-2012-1835.json | 140 +++++----- 2012/1xxx/CVE-2012-1851.json | 140 +++++----- 2012/4xxx/CVE-2012-4486.json | 150 +++++------ 2012/5xxx/CVE-2012-5056.json | 120 ++++----- 2012/5xxx/CVE-2012-5459.json | 150 +++++------ 2012/5xxx/CVE-2012-5602.json | 34 +-- 2017/3xxx/CVE-2017-3083.json | 160 ++++++------ 2017/3xxx/CVE-2017-3203.json | 162 ++++++------ 2017/3xxx/CVE-2017-3352.json | 166 ++++++------ 2017/3xxx/CVE-2017-3359.json | 152 +++++------ 2017/3xxx/CVE-2017-3799.json | 140 +++++----- 2017/6xxx/CVE-2017-6123.json | 34 +-- 2017/6xxx/CVE-2017-6944.json | 34 +-- 2017/7xxx/CVE-2017-7148.json | 130 +++++----- 2017/7xxx/CVE-2017-7170.json | 120 ++++----- 2017/7xxx/CVE-2017-7517.json | 34 +-- 2017/8xxx/CVE-2017-8702.json | 142 +++++------ 2017/8xxx/CVE-2017-8888.json | 34 +-- 2017/8xxx/CVE-2017-8971.json | 132 +++++----- 2018/10xxx/CVE-2018-10492.json | 130 +++++----- 2018/10xxx/CVE-2018-10606.json | 132 +++++----- 2018/10xxx/CVE-2018-10648.json | 120 ++++----- 2018/10xxx/CVE-2018-10988.json | 120 ++++----- 2018/13xxx/CVE-2018-13701.json | 130 +++++----- 2018/13xxx/CVE-2018-13758.json | 130 +++++----- 2018/13xxx/CVE-2018-13833.json | 130 +++++----- 2018/13xxx/CVE-2018-13915.json | 34 +-- 2018/17xxx/CVE-2018-17104.json | 140 +++++----- 2018/17xxx/CVE-2018-17683.json | 130 +++++----- 2018/9xxx/CVE-2018-9244.json | 130 +++++----- 2018/9xxx/CVE-2018-9489.json | 132 +++++----- 2018/9xxx/CVE-2018-9631.json | 34 +-- 2018/9xxx/CVE-2018-9765.json | 34 +-- 2018/9xxx/CVE-2018-9994.json | 34 +-- 58 files changed, 4137 insertions(+), 4137 deletions(-) diff --git a/2002/1xxx/CVE-2002-1009.json b/2002/1xxx/CVE-2002-1009.json index f7bb58b3118..551a3a60a77 100644 --- a/2002/1xxx/CVE-2002-1009.json +++ b/2002/1xxx/CVE-2002-1009.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) \"Name\" or (2) \"E-mail\" parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020711 Lil'HTTP Pbcgi.cgi XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html" - }, - { - "name" : "5211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5211" - }, - { - "name" : "lilhttp-pbcgi-xss(9548)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9548.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) \"Name\" or (2) \"E-mail\" parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lilhttp-pbcgi-xss(9548)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9548.php" + }, + { + "name": "5211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5211" + }, + { + "name": "20020711 Lil'HTTP Pbcgi.cgi XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0112.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1317.json b/2002/1xxx/CVE-2002-1317.json index d00d3b51760..c03aeb00c99 100644 --- a/2002/1xxx/CVE-2002-1317.json +++ b/2002/1xxx/CVE-2002-1317.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021125 Solaris fs.auto Remote Compromise Vulnerability", - "refsource" : "ISS", - "url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" - }, - { - "name" : "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103825150527843&w=2" - }, - { - "name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" - }, - { - "name" : "20021202-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" - }, - { - "name" : "HPSBUX0212-228", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/4988" - }, - { - "name" : "CA-2002-34", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-34.html" - }, - { - "name" : "VU#312313", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/312313" - }, - { - "name" : "N-024", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-024.shtml" - }, - { - "name" : "solaris-fsauto-execute-code(10375)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10375.php" - }, - { - "name" : "6241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6241" - }, - { - "name" : "oval:org.mitre.oval:def:149", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" - }, - { - "name" : "oval:org.mitre.oval:def:152", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" - }, - { - "name" : "oval:org.mitre.oval:def:2816", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0212-228", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/4988" + }, + { + "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879" + }, + { + "name": "20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103825150527843&w=2" + }, + { + "name": "oval:org.mitre.oval:def:149", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149" + }, + { + "name": "CA-2002-34", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-34.html" + }, + { + "name": "oval:org.mitre.oval:def:152", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152" + }, + { + "name": "oval:org.mitre.oval:def:2816", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816" + }, + { + "name": "VU#312313", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/312313" + }, + { + "name": "20021125 Solaris fs.auto Remote Compromise Vulnerability", + "refsource": "ISS", + "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541" + }, + { + "name": "solaris-fsauto-execute-code(10375)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10375.php" + }, + { + "name": "20021202-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I" + }, + { + "name": "6241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6241" + }, + { + "name": "N-024", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-024.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1937.json b/2002/1xxx/CVE-2002-1937.json index b8b18d7f7ed..20fd0d5fcf6 100644 --- a/2002/1xxx/CVE-2002-1937.json +++ b/2002/1xxx/CVE-2002-1937.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021022 Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html" - }, - { - "name" : "20021022 Re: Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html" - }, - { - "name" : "firewallvpn-arp-mitm(10442)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10442.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address and perform an ARP poisoning man-in-the-middle attack to obtain the administrator's password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021022 Re: Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0329.html" + }, + { + "name": "firewallvpn-arp-mitm(10442)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10442.php" + }, + { + "name": "20021022 Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0314.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1943.json b/2002/1xxx/CVE-2002-1943.json index 534c98f78f2..4c93ec3e8a7 100644 --- a/2002/1xxx/CVE-2002-1943.json +++ b/2002/1xxx/CVE-2002-1943.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020927 SafeTP coughs up internal server IP addresses", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/293443" - }, - { - "name" : "5822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5822" - }, - { - "name" : "safetp-passivemode-ip-disclosure(10210)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10210.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SafeTP 1.46, when network address translation (NAT) is being used, leaks the internal IP address of the FTP server in a response to a passive mode (PASV) file transfer request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020927 SafeTP coughs up internal server IP addresses", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/293443" + }, + { + "name": "5822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5822" + }, + { + "name": "safetp-passivemode-ip-disclosure(10210)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10210.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0152.json b/2003/0xxx/CVE-2003-0152.json index 84efb1b821c..c2d3487ff99 100644 --- a/2003/0xxx/CVE-2003-0152.json +++ b/2003/0xxx/CVE-2003-0152.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-265" - }, - { - "name" : "7162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-265" + }, + { + "name": "7162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7162" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0456.json b/2003/0xxx/CVE-2003-0456.json index a27b425b393..6fe821f7ff1 100644 --- a/2003/0xxx/CVE-2003-0456.json +++ b/2003/0xxx/CVE-2003-0456.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030701 VisNetic WebSite Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105733894003737&w=2" - }, - { - "name" : "20030701 VisNetic WebSite Path Disclosure Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html" - }, - { - "name" : "http://www.krusesecurity.dk/advisories/vis0103.txt", - "refsource" : "MISC", - "url" : "http://www.krusesecurity.dk/advisories/vis0103.txt" - }, - { - "name" : "visnetic-website-path-disclosure(12483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483" - }, - { - "name" : "8075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105733894003737&w=2" + }, + { + "name": "http://www.krusesecurity.dk/advisories/vis0103.txt", + "refsource": "MISC", + "url": "http://www.krusesecurity.dk/advisories/vis0103.txt" + }, + { + "name": "8075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8075" + }, + { + "name": "20030701 VisNetic WebSite Path Disclosure Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html" + }, + { + "name": "visnetic-website-path-disclosure(12483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0567.json b/2003/0xxx/CVE-2003-0567.json index 60570a8d9f7..ffb1b23fc88 100644 --- a/2003/0xxx/CVE-2003-0567.json +++ b/2003/0xxx/CVE-2003-0567.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030718 (no subject)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html" - }, - { - "name" : "20030717 IOS Interface Blocked by IPv4 Packet", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml" - }, - { - "name" : "CA-2003-15", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-15.html" - }, - { - "name" : "CA-2003-17", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-17.html" - }, - { - "name" : "VU#411332", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/411332" - }, - { - "name" : "oval:org.mitre.oval:def:5603", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#411332", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/411332" + }, + { + "name": "oval:org.mitre.oval:def:5603", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603" + }, + { + "name": "CA-2003-17", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-17.html" + }, + { + "name": "20030717 IOS Interface Blocked by IPv4 Packet", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml" + }, + { + "name": "CA-2003-15", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-15.html" + }, + { + "name": "20030718 (no subject)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0747.json b/2003/0xxx/CVE-2003-0747.json index 25c205d51fb..21c217f29ed 100644 --- a/2003/0xxx/CVE-2003-0747.json +++ b/2003/0xxx/CVE-2003-0747.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030830 SAP Internet Transaction Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html" - }, - { - "name" : "its-wgatedll-information-disclosure(13063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13063" - }, - { - "name" : "8515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030830 SAP Internet Transaction Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html" + }, + { + "name": "8515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8515" + }, + { + "name": "its-wgatedll-information-disclosure(13063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13063" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1099.json b/2003/1xxx/CVE-2003-1099.json index 9d4e55ce23d..0fb4b1795b1 100644 --- a/2003/1xxx/CVE-2003-1099.json +++ b/2003/1xxx/CVE-2003-1099.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0312-304", - "refsource" : "HP", - "url" : "http://www.kb.cert.org/vuls/id/CRDY-5VFQA3" - }, - { - "name" : "VU#509454", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/509454" - }, - { - "name" : "O-032", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-032.shtml" - }, - { - "name" : "9141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9141" - }, - { - "name" : "oval:org.mitre.oval:def:5788", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788" - }, - { - "name" : "10339", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10339" - }, - { - "name" : "hp-shar-tmpfile-symlink(13882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10339", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10339" + }, + { + "name": "hp-shar-tmpfile-symlink(13882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13882" + }, + { + "name": "O-032", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-032.shtml" + }, + { + "name": "VU#509454", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/509454" + }, + { + "name": "oval:org.mitre.oval:def:5788", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788" + }, + { + "name": "HPSBUX0312-304", + "refsource": "HP", + "url": "http://www.kb.cert.org/vuls/id/CRDY-5VFQA3" + }, + { + "name": "9141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9141" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1124.json b/2003/1xxx/CVE-2003-1124.json index 08e3de933a6..cafc4d7597b 100644 --- a/2003/1xxx/CVE-2003-1124.json +++ b/2003/1xxx/CVE-2003-1124.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#758932", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/758932" - }, - { - "name" : "55141", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55141-1" - }, - { - "name" : "7960", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7960" - }, - { - "name" : "9073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9073" - }, - { - "name" : "sunmc-files-writable-permissions(12343)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9073" + }, + { + "name": "55141", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55141-1" + }, + { + "name": "7960", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7960" + }, + { + "name": "VU#758932", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/758932" + }, + { + "name": "sunmc-files-writable-permissions(12343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12343" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0175.json b/2004/0xxx/CVE-2004-0175.json index 17e50ad27ec..2373eb28e6e 100644 --- a/2004/0xxx/CVE-2004-0175.json +++ b/2004/0xxx/CVE-2004-0175.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147" - }, - { - "name" : "http://www.juniper.net/support/security/alerts/adv59739.txt", - "refsource" : "CONFIRM", - "url" : "http://www.juniper.net/support/security/alerts/adv59739.txt" - }, - { - "name" : "CLSA-2004:831", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831" - }, - { - "name" : "MDKSA-2005:100", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100" - }, - { - "name" : "MDVSA-2008:191", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191" - }, - { - "name" : "RHSA-2005:106", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-106.html" - }, - { - "name" : "RHSA-2005:074", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-074.html" - }, - { - "name" : "RHSA-2005:165", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-165.html" - }, - { - "name" : "RHSA-2005:481", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-481.html" - }, - { - "name" : "RHSA-2005:495", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-495.html" - }, - { - "name" : "RHSA-2005:562", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-562.html" - }, - { - "name" : "RHSA-2005:567", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-567.html" - }, - { - "name" : "SCOSA-2006.11", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt" - }, - { - "name" : "SuSE-SA:2004:009", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_09_kernel.html" - }, - { - "name" : "O-212", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-212.shtml" - }, - { - "name" : "9986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9986" - }, - { - "name" : "9550", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9550" - }, - { - "name" : "oval:org.mitre.oval:def:10184", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184" - }, - { - "name" : "19243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19243" - }, - { - "name" : "17135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17135" - }, - { - "name" : "openssh-scp-file-overwrite(16323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:165", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-165.html" + }, + { + "name": "RHSA-2005:106", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-106.html" + }, + { + "name": "RHSA-2005:567", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-567.html" + }, + { + "name": "http://www.juniper.net/support/security/alerts/adv59739.txt", + "refsource": "CONFIRM", + "url": "http://www.juniper.net/support/security/alerts/adv59739.txt" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147" + }, + { + "name": "RHSA-2005:495", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-495.html" + }, + { + "name": "RHSA-2005:562", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-562.html" + }, + { + "name": "MDVSA-2008:191", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:191" + }, + { + "name": "SuSE-SA:2004:009", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_09_kernel.html" + }, + { + "name": "MDKSA-2005:100", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:100" + }, + { + "name": "19243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19243" + }, + { + "name": "openssh-scp-file-overwrite(16323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16323" + }, + { + "name": "oval:org.mitre.oval:def:10184", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10184" + }, + { + "name": "17135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17135" + }, + { + "name": "SCOSA-2006.11", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.11/SCOSA-2006.11.txt" + }, + { + "name": "RHSA-2005:074", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-074.html" + }, + { + "name": "RHSA-2005:481", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-481.html" + }, + { + "name": "9550", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9550" + }, + { + "name": "CLSA-2004:831", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000831" + }, + { + "name": "O-212", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-212.shtml" + }, + { + "name": "9986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9986" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2241.json b/2004/2xxx/CVE-2004-2241.json index 3be27ea5023..50321e065ad 100644 --- a/2004/2xxx/CVE-2004-2241.json +++ b/2004/2xxx/CVE-2004-2241.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phorum.org/cvs-changelog-5.txt", - "refsource" : "CONFIRM", - "url" : "http://phorum.org/cvs-changelog-5.txt" - }, - { - "name" : "11538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11538" - }, - { - "name" : "1011921", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011921" - }, - { - "name" : "12980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12980" - }, - { - "name" : "phorum-xss(17846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phorum.org/cvs-changelog-5.txt", + "refsource": "CONFIRM", + "url": "http://phorum.org/cvs-changelog-5.txt" + }, + { + "name": "11538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11538" + }, + { + "name": "1011921", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011921" + }, + { + "name": "phorum-xss(17846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17846" + }, + { + "name": "12980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12980" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2429.json b/2004/2xxx/CVE-2004-2429.json index 1cd5e9e8bba..bd5228db70d 100644 --- a/2004/2xxx/CVE-2004-2429.json +++ b/2004/2xxx/CVE-2004-2429.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040528 EnderUNIX Security Anouncement (Isoqlog and Spamguard)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-05/0298.html" - }, - { - "name" : "http://www.enderunix.org/spamguard/spamguard-1.7/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://www.enderunix.org/spamguard/spamguard-1.7/CHANGELOG" - }, - { - "name" : "10434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10434" - }, - { - "name" : "6521", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6521" - }, - { - "name" : "6522", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6522" - }, - { - "name" : "6523", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6523" - }, - { - "name" : "1010342", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010342" - }, - { - "name" : "11747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11747" - }, - { - "name" : "spamguard-multiple-bo(16278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "spamguard-multiple-bo(16278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16278" + }, + { + "name": "6521", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6521" + }, + { + "name": "11747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11747" + }, + { + "name": "10434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10434" + }, + { + "name": "1010342", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010342" + }, + { + "name": "20040528 EnderUNIX Security Anouncement (Isoqlog and Spamguard)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0298.html" + }, + { + "name": "6522", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6522" + }, + { + "name": "6523", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6523" + }, + { + "name": "http://www.enderunix.org/spamguard/spamguard-1.7/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://www.enderunix.org/spamguard/spamguard-1.7/CHANGELOG" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2642.json b/2004/2xxx/CVE-2004-2642.json index 0383ee2ca6e..dddce4a7de8 100644 --- a/2004/2xxx/CVE-2004-2642.json +++ b/2004/2xxx/CVE-2004-2642.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://deekoo.net/technocracy/yeemp/#advisory", - "refsource" : "CONFIRM", - "url" : "http://deekoo.net/technocracy/yeemp/#advisory" - }, - { - "name" : "http://deekoo.net/technocracy/yeemp/changes.html", - "refsource" : "CONFIRM", - "url" : "http://deekoo.net/technocracy/yeemp/changes.html" - }, - { - "name" : "11353", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11353" - }, - { - "name" : "10671", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10671" - }, - { - "name" : "1011586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011586" - }, - { - "name" : "12795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12795" - }, - { - "name" : "yeemp-message-spoofing(17692)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://deekoo.net/technocracy/yeemp/#advisory", + "refsource": "CONFIRM", + "url": "http://deekoo.net/technocracy/yeemp/#advisory" + }, + { + "name": "1011586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011586" + }, + { + "name": "http://deekoo.net/technocracy/yeemp/changes.html", + "refsource": "CONFIRM", + "url": "http://deekoo.net/technocracy/yeemp/changes.html" + }, + { + "name": "10671", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10671" + }, + { + "name": "12795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12795" + }, + { + "name": "11353", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11353" + }, + { + "name": "yeemp-message-spoofing(17692)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17692" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2355.json b/2008/2xxx/CVE-2008-2355.json index a4ff349373e..65a54e347e2 100644 --- a/2008/2xxx/CVE-2008-2355.json +++ b/2008/2xxx/CVE-2008-2355.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5637", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5637" - }, - { - "name" : "29262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29262" - }, - { - "name" : "ADV-2008-1566", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1566/references" - }, - { - "name" : "30296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30296" - }, - { - "name" : "wrmeeting-index-file-include(42497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5637", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5637" + }, + { + "name": "30296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30296" + }, + { + "name": "29262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29262" + }, + { + "name": "wrmeeting-index-file-include(42497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42497" + }, + { + "name": "ADV-2008-1566", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1566/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2426.json b/2008/2xxx/CVE-2008-2426.json index f6e92a08e22..c08f8addacd 100644 --- a/2008/2xxx/CVE-2008-2426.json +++ b/2008/2xxx/CVE-2008-2426.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-2426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080529 Secunia Research: imlib2 PNM and XPM Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492739/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-25/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-25/advisory/" - }, - { - "name" : "DSA-1594", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1594" - }, - { - "name" : "FEDORA-2008-4842", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00030.html" - }, - { - "name" : "FEDORA-2008-4871", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00052.html" - }, - { - "name" : "FEDORA-2008-4950", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00113.html" - }, - { - "name" : "GLSA-200806-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-03.xml" - }, - { - "name" : "MDVSA-2008:123", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:123" - }, - { - "name" : "SUSE-SR:2008:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" - }, - { - "name" : "USN-697-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-697-1" - }, - { - "name" : "29417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29417" - }, - { - "name" : "ADV-2008-1700", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1700" - }, - { - "name" : "1020146", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020146" - }, - { - "name" : "30401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30401" - }, - { - "name" : "30485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30485" - }, - { - "name" : "30572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30572" - }, - { - "name" : "30727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30727" - }, - { - "name" : "31982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31982" - }, - { - "name" : "imlib2-pnm-xpm-bo(42732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080529 Secunia Research: imlib2 PNM and XPM Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492739/100/0/threaded" + }, + { + "name": "FEDORA-2008-4842", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00030.html" + }, + { + "name": "imlib2-pnm-xpm-bo(42732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42732" + }, + { + "name": "31982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31982" + }, + { + "name": "SUSE-SR:2008:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" + }, + { + "name": "GLSA-200806-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200806-03.xml" + }, + { + "name": "http://secunia.com/secunia_research/2008-25/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-25/advisory/" + }, + { + "name": "MDVSA-2008:123", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:123" + }, + { + "name": "DSA-1594", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1594" + }, + { + "name": "FEDORA-2008-4950", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00113.html" + }, + { + "name": "30727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30727" + }, + { + "name": "30401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30401" + }, + { + "name": "USN-697-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-697-1" + }, + { + "name": "29417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29417" + }, + { + "name": "30572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30572" + }, + { + "name": "ADV-2008-1700", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1700" + }, + { + "name": "30485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30485" + }, + { + "name": "FEDORA-2008-4871", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00052.html" + }, + { + "name": "1020146", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020146" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2773.json b/2008/2xxx/CVE-2008-2773.json index 642c367c0c4..ff80d240521 100644 --- a/2008/2xxx/CVE-2008-2773.json +++ b/2008/2xxx/CVE-2008-2773.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2773", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/269389", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/269389" - }, - { - "name" : "29683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29683" - }, - { - "name" : "30631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30631" - }, - { - "name" : "taxonomyimage-unspecified-xss(43013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30631" + }, + { + "name": "http://drupal.org/node/269389", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/269389" + }, + { + "name": "taxonomyimage-unspecified-xss(43013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43013" + }, + { + "name": "29683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29683" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0125.json b/2012/0xxx/CVE-2012-0125.json index a656885f664..80433021735 100644 --- a/2012/0xxx/CVE-2012-0125.json +++ b/2012/0xxx/CVE-2012-0125.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-0125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02755", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03221589" - }, - { - "name" : "SSRT100667", - "refsource" : "HP", - "url" : "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03221589" - }, - { - "name" : "52733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52733" - }, - { - "name" : "1026849", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026849" - }, - { - "name" : "48593", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48593" - }, - { - "name" : "hpux-wbem-sec-bypass(74391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026849", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026849" + }, + { + "name": "HPSBUX02755", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03221589" + }, + { + "name": "SSRT100667", + "refsource": "HP", + "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03221589" + }, + { + "name": "52733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52733" + }, + { + "name": "hpux-wbem-sec-bypass(74391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74391" + }, + { + "name": "48593", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48593" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0204.json b/2012/0xxx/CVE-2012-0204.json index c5ae60467e3..c66754749f2 100644 --- a/2012/0xxx/CVE-2012-0204.json +++ b/2012/0xxx/CVE-2012-0204.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501" - }, - { - "name" : "infosphere-is-dll-code-execution(73255)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73255" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "infosphere-is-dll-code-execution(73255)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73255" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0499.json b/2012/0xxx/CVE-2012-0499.json index 20cc0fd15db..1b1b4e4ceab 100644 --- a/2012/0xxx/CVE-2012-0499.json +++ b/2012/0xxx/CVE-2012-0499.json @@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02757", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2" - }, - { - "name" : "HPSBUX02760", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "HPSBUX02784", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2" - }, - { - "name" : "SSRT100779", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2" - }, - { - "name" : "SSRT100805", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100871", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2012:1080", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1080.html" - }, - { - "name" : "RHSA-2012:0508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0508.html" - }, - { - "name" : "RHSA-2012:0514", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0514.html" - }, - { - "name" : "RHSA-2012:0702", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0702.html" - }, - { - "name" : "SUSE-SU-2012:1013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html" - }, - { - "name" : "SUSE-SU-2012:0881", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html" - }, - { - "name" : "SUSE-SU-2012:0602", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" - }, - { - "name" : "SUSE-SU-2012:0603", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html" - }, - { - "name" : "SUSE-SU-2012:0734", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html" - }, - { - "name" : "52016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52016" - }, - { - "name" : "oval:org.mitre.oval:def:14878", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14878" - }, - { - "name" : "48589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48589" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - }, - { - "name" : "48692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48692" - }, - { - "name" : "48915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48915" - }, - { - "name" : "48948", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48948" - }, - { - "name" : "48950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48950" - }, - { - "name" : "48073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48073" - }, - { - "name" : "48074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48074" + }, + { + "name": "HPSBUX02784", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" + }, + { + "name": "SUSE-SU-2012:1013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html" + }, + { + "name": "48692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48692" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "SUSE-SU-2012:0881", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html" + }, + { + "name": "48589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48589" + }, + { + "name": "SSRT100805", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "SUSE-SU-2012:0734", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html" + }, + { + "name": "SUSE-SU-2012:0602", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SUSE-SU-2012:0603", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html" + }, + { + "name": "48073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48073" + }, + { + "name": "48950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48950" + }, + { + "name": "48948", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48948" + }, + { + "name": "SSRT100871", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2" + }, + { + "name": "48915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48915" + }, + { + "name": "HPSBUX02757", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2" + }, + { + "name": "RHSA-2012:0508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49198" + }, + { + "name": "RHSA-2012:0514", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0514.html" + }, + { + "name": "RHSA-2012:1080", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1080.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "RHSA-2012:0702", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0702.html" + }, + { + "name": "HPSBUX02760", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2" + }, + { + "name": "oval:org.mitre.oval:def:14878", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14878" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "SSRT100779", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2" + }, + { + "name": "52016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52016" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1052.json b/2012/1xxx/CVE-2012-1052.json index 83f86500295..2a235b3e0fd 100644 --- a/2012/1xxx/CVE-2012-1052.json +++ b/2012/1xxx/CVE-2012-1052.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IvanView 1.2.15 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51895" - }, - { - "name" : "78905", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78905" - }, - { - "name" : "47362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47362" - }, - { - "name" : "ivanview-qcd-bo(73041)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IvanView 1.2.15 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78905", + "refsource": "OSVDB", + "url": "http://osvdb.org/78905" + }, + { + "name": "51895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51895" + }, + { + "name": "47362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47362" + }, + { + "name": "ivanview-qcd-bo(73041)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73041" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1147.json b/2012/1xxx/CVE-2012-1147.json index c3e555659ed..b6cc55ae743 100644 --- a/2012/1xxx/CVE-2012-1147.json +++ b/2012/1xxx/CVE-2012-1147.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.wxwidgets.org/ticket/11194", - "refsource" : "MISC", - "url" : "http://trac.wxwidgets.org/ticket/11194" - }, - { - "name" : "http://trac.wxwidgets.org/ticket/11432", - "refsource" : "MISC", - "url" : "http://trac.wxwidgets.org/ticket/11432" - }, - { - "name" : "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", - "refsource" : "CONFIRM", - "url" : "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15" - }, - { - "name" : "http://sourceforge.net/projects/expat/files/expat/2.1.0/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/expat/files/expat/2.1.0/" - }, - { - "name" : "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127" - }, - { - "name" : "https://support.apple.com/HT205637", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205637" - }, - { - "name" : "APPLE-SA-2015-12-08-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" - }, - { - "name" : "52379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52379" - }, - { - "name" : "1034344", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT205637", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205637" + }, + { + "name": "1034344", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034344" + }, + { + "name": "52379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52379" + }, + { + "name": "http://sourceforge.net/projects/expat/files/expat/2.1.0/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/expat/files/expat/2.1.0/" + }, + { + "name": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", + "refsource": "CONFIRM", + "url": "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15" + }, + { + "name": "APPLE-SA-2015-12-08-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127" + }, + { + "name": "http://trac.wxwidgets.org/ticket/11432", + "refsource": "MISC", + "url": "http://trac.wxwidgets.org/ticket/11432" + }, + { + "name": "http://trac.wxwidgets.org/ticket/11194", + "refsource": "MISC", + "url": "http://trac.wxwidgets.org/ticket/11194" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1482.json b/2012/1xxx/CVE-2012-1482.json index 66e82f42b1d..2e4f2c95aa2 100644 --- a/2012/1xxx/CVE-2012-1482.json +++ b/2012/1xxx/CVE-2012-1482.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdialer) application 3.3.1 and 4.0.1 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1482-vulnerability-in-TouchPalContacts.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1482-vulnerability-in-TouchPalContacts.html" - }, - { - "name" : "52491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52491" - }, - { - "name" : "80169", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80169" - }, - { - "name" : "touchpal-android-unspecified(74051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdialer) application 3.3.1 and 4.0.1 for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1482-vulnerability-in-TouchPalContacts.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1482-vulnerability-in-TouchPalContacts.html" + }, + { + "name": "52491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52491" + }, + { + "name": "touchpal-android-unspecified(74051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74051" + }, + { + "name": "80169", + "refsource": "OSVDB", + "url": "http://osvdb.org/80169" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1557.json b/2012/1xxx/CVE-2012-1557.json index 81f8c216a8a..b166b17fb74 100644 --- a/2012/1xxx/CVE-2012-1557.json +++ b/2012/1xxx/CVE-2012-1557.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120308 CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/08/3" - }, - { - "name" : "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html" - }, - { - "name" : "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html", - "refsource" : "MISC", - "url" : "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html" - }, - { - "name" : "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216", - "refsource" : "CONFIRM", - "url" : "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216" - }, - { - "name" : "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216", - "refsource" : "CONFIRM", - "url" : "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216" - }, - { - "name" : "http://kb.parallels.com/en/113321", - "refsource" : "CONFIRM", - "url" : "http://kb.parallels.com/en/113321" - }, - { - "name" : "52267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52267" - }, - { - "name" : "79769", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79769" - }, - { - "name" : "1026760", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026760" - }, - { - "name" : "48262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48262" - }, - { - "name" : "plesk-unspec-unauth-access(73628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html", + "refsource": "MISC", + "url": "http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html" + }, + { + "name": "http://kb.parallels.com/en/113321", + "refsource": "CONFIRM", + "url": "http://kb.parallels.com/en/113321" + }, + { + "name": "79769", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79769" + }, + { + "name": "[oss-security] 20120308 CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/08/3" + }, + { + "name": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216", + "refsource": "CONFIRM", + "url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216" + }, + { + "name": "plesk-unspec-unauth-access(73628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73628" + }, + { + "name": "48262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48262" + }, + { + "name": "52267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52267" + }, + { + "name": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216", + "refsource": "CONFIRM", + "url": "http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216" + }, + { + "name": "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html", + "refsource": "MISC", + "url": "http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html" + }, + { + "name": "1026760", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026760" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1835.json b/2012/1xxx/CVE-2012-1835.json index 03ebf604181..88e4b306e10 100644 --- a/2012/1xxx/CVE-2012-1835.json +++ b/2012/1xxx/CVE-2012-1835.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120411 Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23082", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23082" - }, - { - "name" : "52986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52986" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52986" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23082", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23082" + }, + { + "name": "20120411 Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1851.json b/2012/1xxx/CVE-2012-1851.json index 9040d4e86c1..70822569421 100644 --- a/2012/1xxx/CVE-2012-1851.json +++ b/2012/1xxx/CVE-2012-1851.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka \"Print Spooler Service Format String Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054" - }, - { - "name" : "TA12-227A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15531", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka \"Print Spooler Service Format String Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-227A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" + }, + { + "name": "oval:org.mitre.oval:def:15531", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15531" + }, + { + "name": "MS12-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4486.json b/2012/4xxx/CVE-2012-4486.json index dd5db88b3f3..074a66a9013 100644 --- a/2012/4xxx/CVE-2012-4486.json +++ b/2012/4xxx/CVE-2012-4486.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" - }, - { - "name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" - }, - { - "name" : "http://drupal.org/node/1700584", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1700584" - }, - { - "name" : "http://drupal.org/node/1700550", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1700550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6" + }, + { + "name": "http://drupal.org/node/1700584", + "refsource": "MISC", + "url": "http://drupal.org/node/1700584" + }, + { + "name": "http://drupal.org/node/1700550", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1700550" + }, + { + "name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/07/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5056.json b/2012/5xxx/CVE-2012-5056.json index 2f93295feaa..8f5b456936d 100644 --- a/2012/5xxx/CVE-2012-5056.json +++ b/2012/5xxx/CVE-2012-5056.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/CVE-2012-5056/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/CVE-2012-5056/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root parameter to apps/gallery/templates/index.php, or a (3) malformed query to lib/db.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/CVE-2012-5056/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/CVE-2012-5056/" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5459.json b/2012/5xxx/CVE-2012-5459.json index a817d214727..f92c6340fcb 100644 --- a/2012/5xxx/CVE-2012-5459.json +++ b/2012/5xxx/CVE-2012-5459.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a \"system folder.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0015.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0015.html" - }, - { - "name" : "56470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56470" - }, - { - "name" : "87119", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87119" - }, - { - "name" : "workstation-dll-code-exec(79923)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows allows host OS users to gain host OS privileges via a Trojan horse DLL in a \"system folder.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56470" + }, + { + "name": "87119", + "refsource": "OSVDB", + "url": "http://osvdb.org/87119" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html" + }, + { + "name": "workstation-dll-code-exec(79923)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79923" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5602.json b/2012/5xxx/CVE-2012-5602.json index 410533d1322..6345aed7853 100644 --- a/2012/5xxx/CVE-2012-5602.json +++ b/2012/5xxx/CVE-2012-5602.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5602", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5602", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6058. Reason: This candidate is a reservation duplicate of CVE-2012-6058. Notes: All CVE users should reference CVE-2012-6058 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3083.json b/2017/3xxx/CVE-2017-3083.json index ea9624dbfe5..7c568de273b 100644 --- a/2017/3xxx/CVE-2017-3083.json +++ b/2017/3xxx/CVE-2017-3083.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 25.0.0.171 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 25.0.0.171 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 25.0.0.171 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1439" - }, - { - "name" : "99023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99023" - }, - { - "name" : "1038655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" + }, + { + "name": "99023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99023" + }, + { + "name": "1038655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038655" + }, + { + "name": "RHSA-2017:1439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1439" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3203.json b/2017/3xxx/CVE-2017-3203.json index a7639868703..5be2567c3f0 100644 --- a/2017/3xxx/CVE-2017-3203.json +++ b/2017/3xxx/CVE-2017-3203.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3203", - "STATE" : "PUBLIC", - "TITLE" : "Pivotal/Spring Spring-flex's Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring-flex", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "0", - "version_value" : "0" - } - ] - } - } - ] - }, - "vendor_name" : "Pivotal/Spring" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502: Deserialization of Untrusted Data" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3203", + "STATE": "PUBLIC", + "TITLE": "Pivotal/Spring Spring-flex's Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring-flex", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "0", + "version_value": "0" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal/Spring" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", - "refsource" : "MISC", - "url" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" - }, - { - "name" : "https://codewhitesec.blogspot.com/2017/04/amf.html", - "refsource" : "MISC", - "url" : "https://codewhitesec.blogspot.com/2017/04/amf.html" - }, - { - "name" : "VU#307983", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/307983" - }, - { - "name" : "97376", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/97376" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codewhitesec.blogspot.com/2017/04/amf.html", + "refsource": "MISC", + "url": "https://codewhitesec.blogspot.com/2017/04/amf.html" + }, + { + "name": "VU#307983", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/307983" + }, + { + "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", + "refsource": "MISC", + "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" + }, + { + "name": "97376", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/97376" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3352.json b/2017/3xxx/CVE-2017-3352.json index 9a5325bfe21..a6a2f1b9be5 100644 --- a/2017/3xxx/CVE-2017-3352.json +++ b/2017/3xxx/CVE-2017-3352.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95500" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3359.json b/2017/3xxx/CVE-2017-3359.json index 3c10901ccd5..d803db588ef 100644 --- a/2017/3xxx/CVE-2017-3359.json +++ b/2017/3xxx/CVE-2017-3359.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Customer Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Customer Intelligence", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95464" - }, - { - "name" : "1037639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95464" + }, + { + "name": "1037639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037639" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3799.json b/2017/3xxx/CVE-2017-3799.json index 878f8c75e8d..a4f071b2d4c 100644 --- a/2017/3xxx/CVE-2017-3799.json +++ b/2017/3xxx/CVE-2017-3799.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meeting Center T28.1", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meeting Center T28.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meeting Center T28.1", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meeting Center T28.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4" - }, - { - "name" : "95642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95642" - }, - { - "name" : "1037647", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037647", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037647" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4" + }, + { + "name": "95642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95642" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6123.json b/2017/6xxx/CVE-2017-6123.json index 6dc6d2ef545..53342a22948 100644 --- a/2017/6xxx/CVE-2017-6123.json +++ b/2017/6xxx/CVE-2017-6123.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6944.json b/2017/6xxx/CVE-2017-6944.json index 31e2522b971..dfc31983f66 100644 --- a/2017/6xxx/CVE-2017-6944.json +++ b/2017/6xxx/CVE-2017-6944.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6944", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6944", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7148.json b/2017/7xxx/CVE-2017-7148.json index ec80aa77c3f..1574dd4c4ab 100644 --- a/2017/7xxx/CVE-2017-7148.json +++ b/2017/7xxx/CVE-2017-7148.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Location Framework\" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "101000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Location Framework\" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101000" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7170.json b/2017/7xxx/CVE-2017-7170.json index 9bceb1fb298..e02aab6365b 100644 --- a/2017/7xxx/CVE-2017-7170.json +++ b/2017/7xxx/CVE-2017-7170.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Security\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Security\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7517.json b/2017/7xxx/CVE-2017-7517.json index 2c6f64ee0af..079413135d9 100644 --- a/2017/7xxx/CVE-2017-7517.json +++ b/2017/7xxx/CVE-2017-7517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8702.json b/2017/8xxx/CVE-2017-8702.json index f2d98105e14..327fa271310 100644 --- a/2017/8xxx/CVE-2017-8702.json +++ b/2017/8xxx/CVE-2017-8702.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Error Reporting (WER)", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka \"Windows Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Error Reporting (WER)", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8702", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8702" - }, - { - "name" : "100785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100785" - }, - { - "name" : "1039353", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka \"Windows Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100785" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8702", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8702" + }, + { + "name": "1039353", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039353" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8888.json b/2017/8xxx/CVE-2017-8888.json index a017e9846db..6cac3e89afe 100644 --- a/2017/8xxx/CVE-2017-8888.json +++ b/2017/8xxx/CVE-2017-8888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8888", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8888", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8971.json b/2017/8xxx/CVE-2017-8971.json index d71c9d8f80a..c2ca26293f0 100644 --- a/2017/8xxx/CVE-2017-8971.json +++ b/2017/8xxx/CVE-2017-8971.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-8971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Matrix Operating Environment", - "version" : { - "version_data" : [ - { - "version_value" : "7.6 LR1" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Clickjacking" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-8971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Matrix Operating Environment", + "version": { + "version_data": [ + { + "version_value": "7.6 LR1" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us" - }, - { - "name" : "101938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A clickjacking vulnerability in HPE Matrix Operating Environment version 7.6 LR1 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clickjacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101938" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03795en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10492.json b/2018/10xxx/CVE-2018-10492.json index d8c9bf0532c..46abb7d4415 100644 --- a/2018/10xxx/CVE-2018-10492.json +++ b/2018/10xxx/CVE-2018-10492.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-10492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5424." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-10492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-402", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-402" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Clod Progressive Mesh Continuation structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5424." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-402", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-402" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10606.json b/2018/10xxx/CVE-2018-10606.json index b3cddb4d051..24b47189b5c 100644 --- a/2018/10xxx/CVE-2018-10606.json +++ b/2018/10xxx/CVE-2018-10606.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-07-31T00:00:00", - "ID" : "CVE-2018-10606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LeviStudioU", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 1.8.29 and 1.8.44" - } - ] - } - } - ] - }, - "vendor_name" : "WECON Technology Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HEAP-BASED BUFFER OVERFLOW CWE-122" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-07-31T00:00:00", + "ID": "CVE-2018-10606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LeviStudioU", + "version": { + "version_data": [ + { + "version_value": "Versions 1.8.29 and 1.8.44" + } + ] + } + } + ] + }, + "vendor_name": "WECON Technology Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03" - }, - { - "name" : "104935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HEAP-BASED BUFFER OVERFLOW CWE-122" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-03" + }, + { + "name": "104935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104935" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10648.json b/2018/10xxx/CVE-2018-10648.json index 1f302b117d7..f87271bc455 100644 --- a/2018/10xxx/CVE-2018-10648.json +++ b/2018/10xxx/CVE-2018-10648.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX234879", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX234879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX234879", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX234879" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10988.json b/2018/10xxx/CVE-2018-10988.json index 088fc34d5be..3787492664d 100644 --- a/2018/10xxx/CVE-2018-10988.json +++ b/2018/10xxx/CVE-2018-10988.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/neolead/a1fadac07373835507705a7d61e638ae#file-cve-2018-10988-txt", - "refsource" : "MISC", - "url" : "https://gist.github.com/neolead/a1fadac07373835507705a7d61e638ae#file-cve-2018-10988-txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/neolead/a1fadac07373835507705a7d61e638ae#file-cve-2018-10988-txt", + "refsource": "MISC", + "url": "https://gist.github.com/neolead/a1fadac07373835507705a7d61e638ae#file-cve-2018-10988-txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13701.json b/2018/13xxx/CVE-2018-13701.json index 9a1d237e320..4aa4b89264a 100644 --- a/2018/13xxx/CVE-2018-13701.json +++ b/2018/13xxx/CVE-2018-13701.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KissMe", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KissMe" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for KissMe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KissMe", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/KissMe" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13758.json b/2018/13xxx/CVE-2018-13758.json index 38f5acbdc8a..1ffec4ff1fd 100644 --- a/2018/13xxx/CVE-2018-13758.json +++ b/2018/13xxx/CVE-2018-13758.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LoliCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LoliCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for LoliCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LoliCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LoliCoin" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13833.json b/2018/13xxx/CVE-2018-13833.json index ebf9bd27437..8ce20a824ce 100644 --- a/2018/13xxx/CVE-2018-13833.json +++ b/2018/13xxx/CVE-2018-13833.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dariomanesku/cmft/issues/38", - "refsource" : "MISC", - "url" : "https://github.com/dariomanesku/cmft/issues/38" - }, - { - "name" : "https://github.com/fouzhe/security/tree/master/cmft", - "refsource" : "MISC", - "url" : "https://github.com/fouzhe/security/tree/master/cmft" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dariomanesku/cmft/issues/38", + "refsource": "MISC", + "url": "https://github.com/dariomanesku/cmft/issues/38" + }, + { + "name": "https://github.com/fouzhe/security/tree/master/cmft", + "refsource": "MISC", + "url": "https://github.com/fouzhe/security/tree/master/cmft" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13915.json b/2018/13xxx/CVE-2018-13915.json index 4e218d27e12..76cae339452 100644 --- a/2018/13xxx/CVE-2018-13915.json +++ b/2018/13xxx/CVE-2018-13915.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13915", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13915", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17104.json b/2018/17xxx/CVE-2018-17104.json index d5d443a5a75..081dcbb0509 100644 --- a/2018/17xxx/CVE-2018-17104.json +++ b/2018/17xxx/CVE-2018-17104.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/microweber/microweber/issues/483", - "refsource" : "MISC", - "url" : "https://github.com/microweber/microweber/issues/483" - }, - { - "name" : "https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e", - "refsource" : "CONFIRM", - "url" : "https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e" - }, - { - "name" : "https://github.com/microweber/microweber/issues/484", - "refsource" : "CONFIRM", - "url" : "https://github.com/microweber/microweber/issues/484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Microweber 1.0.7. There is a CSRF attack (against the admin user) that can add an administrative account via api/save_user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/microweber/microweber/issues/484", + "refsource": "CONFIRM", + "url": "https://github.com/microweber/microweber/issues/484" + }, + { + "name": "https://github.com/microweber/microweber/issues/483", + "refsource": "MISC", + "url": "https://github.com/microweber/microweber/issues/483" + }, + { + "name": "https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e", + "refsource": "CONFIRM", + "url": "https://github.com/microweber/microweber/commit/982ea9d5efb7d2306a05644ebc3469dadb33767e" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17683.json b/2018/17xxx/CVE-2018-17683.json index b1556bae1b3..4fe9438c69b 100644 --- a/2018/17xxx/CVE-2018-17683.json +++ b/2018/17xxx/CVE-2018-17683.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the createIcon method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7163." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1157/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1157/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the createIcon method of an app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7163." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1157/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1157/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9244.json b/2018/9xxx/CVE-2018-9244.json index 20215348e0f..c852bbcac43 100644 --- a/2018/9xxx/CVE-2018-9244.json +++ b/2018/9xxx/CVE-2018-9244.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/", - "refsource" : "MISC", - "url" : "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/41838", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/41838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/41838", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/41838" + }, + { + "name": "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/", + "refsource": "MISC", + "url": "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9489.json b/2018/9xxx/CVE-2018-9489.json index 9bc1a903af4..a0410fd385b 100644 --- a/2018/9xxx/CVE-2018-9489.json +++ b/2018/9xxx/CVE-2018-9489.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-9489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-9489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/", - "refsource" : "MISC", - "url" : "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/" - }, - { - "name" : "1041590", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041590" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/", + "refsource": "MISC", + "url": "https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/" + }, + { + "name": "1041590", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041590" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9631.json b/2018/9xxx/CVE-2018-9631.json index a2d041e31be..de2f24a31f1 100644 --- a/2018/9xxx/CVE-2018-9631.json +++ b/2018/9xxx/CVE-2018-9631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9765.json b/2018/9xxx/CVE-2018-9765.json index fb50e408533..e77d9a9ad60 100644 --- a/2018/9xxx/CVE-2018-9765.json +++ b/2018/9xxx/CVE-2018-9765.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9765", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9765", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9994.json b/2018/9xxx/CVE-2018-9994.json index 46e51960ada..b112696aca7 100644 --- a/2018/9xxx/CVE-2018-9994.json +++ b/2018/9xxx/CVE-2018-9994.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9994", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-9994", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file