From 0ace82a322ac8fbcc2dabe65b4cd730fd24cad9e Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 21:58:53 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0043.json | 240 ++++++-------
2002/0xxx/CVE-2002-0566.json | 160 ++++-----
2002/0xxx/CVE-2002-0816.json | 160 ++++-----
2002/0xxx/CVE-2002-0981.json | 140 ++++----
2002/1xxx/CVE-2002-1940.json | 140 ++++----
2002/1xxx/CVE-2002-1979.json | 130 +++----
2002/2xxx/CVE-2002-2261.json | 200 +++++------
2005/1xxx/CVE-2005-1249.json | 150 ++++----
2005/1xxx/CVE-2005-1310.json | 140 ++++----
2005/1xxx/CVE-2005-1383.json | 170 ++++-----
2005/1xxx/CVE-2005-1700.json | 120 +++----
2009/1xxx/CVE-2009-1008.json | 180 +++++-----
2009/1xxx/CVE-2009-1234.json | 170 ++++-----
2009/1xxx/CVE-2009-1491.json | 130 +++----
2009/1xxx/CVE-2009-1951.json | 130 +++----
2009/5xxx/CVE-2009-5150.json | 120 +++----
2012/0xxx/CVE-2012-0179.json | 180 +++++-----
2012/0xxx/CVE-2012-0326.json | 180 +++++-----
2012/0xxx/CVE-2012-0462.json | 440 +++++++++++------------
2012/0xxx/CVE-2012-0947.json | 190 +++++-----
2012/0xxx/CVE-2012-0956.json | 130 +++----
2012/3xxx/CVE-2012-3546.json | 560 ++++++++++++++---------------
2012/3xxx/CVE-2012-3766.json | 34 +-
2012/3xxx/CVE-2012-3832.json | 120 +++----
2012/3xxx/CVE-2012-3976.json | 220 ++++++------
2012/4xxx/CVE-2012-4000.json | 160 ++++-----
2012/4xxx/CVE-2012-4365.json | 34 +-
2012/4xxx/CVE-2012-4658.json | 120 +++----
2012/4xxx/CVE-2012-4721.json | 34 +-
2012/6xxx/CVE-2012-6312.json | 130 +++----
2012/6xxx/CVE-2012-6318.json | 34 +-
2012/6xxx/CVE-2012-6445.json | 34 +-
2017/1002xxx/CVE-2017-1002009.json | 130 +++----
2017/2xxx/CVE-2017-2139.json | 150 ++++----
2017/2xxx/CVE-2017-2188.json | 130 +++----
2017/2xxx/CVE-2017-2390.json | 170 ++++-----
2017/2xxx/CVE-2017-2879.json | 122 +++----
2017/6xxx/CVE-2017-6276.json | 132 +++----
2017/6xxx/CVE-2017-6406.json | 130 +++----
2017/6xxx/CVE-2017-6640.json | 140 ++++----
2017/7xxx/CVE-2017-7880.json | 34 +-
2018/11xxx/CVE-2018-11242.json | 130 +++----
2018/11xxx/CVE-2018-11290.json | 140 ++++----
2018/11xxx/CVE-2018-11347.json | 120 +++----
2018/11xxx/CVE-2018-11730.json | 130 +++----
2018/14xxx/CVE-2018-14074.json | 34 +-
2018/14xxx/CVE-2018-14077.json | 120 +++----
2018/14xxx/CVE-2018-14210.json | 34 +-
2018/14xxx/CVE-2018-14398.json | 120 +++----
2018/14xxx/CVE-2018-14933.json | 130 +++----
2018/15xxx/CVE-2018-15008.json | 34 +-
2018/15xxx/CVE-2018-15057.json | 34 +-
2018/15xxx/CVE-2018-15895.json | 120 +++----
2018/20xxx/CVE-2018-20115.json | 34 +-
2018/20xxx/CVE-2018-20328.json | 130 +++----
2018/20xxx/CVE-2018-20541.json | 140 ++++----
2018/20xxx/CVE-2018-20604.json | 120 +++----
2018/9xxx/CVE-2018-9232.json | 120 +++----
2018/9xxx/CVE-2018-9451.json | 132 +++----
59 files changed, 4020 insertions(+), 4020 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0043.json b/2002/0xxx/CVE-2002-0043.json
index 71810ef1d96..d4be02050e7 100644
--- a/2002/0xxx/CVE-2002-0043.json
+++ b/2002/0xxx/CVE-2002-0043.json
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020114 Sudo version 1.6.4 now available (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/250168" - }, - { - "name" : "RHSA-2002:013", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-013.html" - }, - { - "name" : "RHSA-2002:011", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-011.html" - }, - { - "name" : "CLA-2002:451", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451" - }, - { - "name" : "SuSE-SA:2002:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html" - }, 
- { - "name" : "MDKSA-2002:003", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003" - }, - { - "name" : "DSA-101", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-101" - }, - { - "name" : "IMNX-2002-70-001-01", - "refsource" : "IMMUNIX", - "url" : "http://www.securityfocus.com/advisories/3800" - }, - { - "name" : "FreeBSD-SA-02:06", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" - }, - { - "name" : "20020116 Sudo +Postfix Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101120193627756&w=2" - }, - { - "name" : "http://www.sudo.ws/sudo/alerts/postfix.html", - "refsource" : "MISC", - "url" : "http://www.sudo.ws/sudo/alerts/postfix.html" - }, - { - "name" : "sudo-unclean-env-root(7891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7891" - }, - { - "name" : "3871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-02:06", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" + }, + { + "name": "RHSA-2002:013", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-013.html" + }, + { + "name": "sudo-unclean-env-root(7891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7891" + }, + { + "name": "IMNX-2002-70-001-01", + "refsource": "IMMUNIX", + "url": "http://www.securityfocus.com/advisories/3800" + }, + { + "name": "3871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3871" + }, + { + "name": "20020114 Sudo version 1.6.4 now available (fwd)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/250168" + }, + { + "name": "20020116 Sudo +Postfix Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101120193627756&w=2" + }, + { + "name": "http://www.sudo.ws/sudo/alerts/postfix.html", + "refsource": "MISC", + "url": "http://www.sudo.ws/sudo/alerts/postfix.html" + }, + { + "name": "SuSE-SA:2002:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html" + }, + { + "name": "MDKSA-2002:003", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003" + }, + { + "name": "DSA-101", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-101" + }, + { + "name": "RHSA-2002:011", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-011.html" + }, + { + "name": "CLA-2002:451", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451" + } + ] + } +} \ No newline at end of file 
diff --git a/2002/0xxx/CVE-2002-0566.json b/2002/0xxx/CVE-2002-0566.json
index 54b6e316770..1a117eb52aa 100644
--- a/2002/0xxx/CVE-2002-0566.json
+++ b/2002/0xxx/CVE-2002-0566.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#805915", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/805915" - }, - { - "name" : "CA-2002-08", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-08.html" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" - }, - { - "name" : "4037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4037" - }, - { - "name" : "oracle-appserver-plsql-pls-dos(8099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2002-08", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-08.html" + }, + { + "name": "4037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4037" + }, + { + "name": "VU#805915", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/805915" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" + }, + { + "name": "oracle-appserver-plsql-pls-dos(8099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0816.json b/2002/0xxx/CVE-2002-0816.json index 503c4bc43f6..6ae8347bff1 100644 --- a/2002/0xxx/CVE-2002-0816.json +++ b/2002/0xxx/CVE-2002-0816.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020719 tru64 proof of concept /bin/su non-exec bypass", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102709593117171&w=2" - }, - { - "name" : "SSRT2257", - "refsource" : "COMPAQ", - "url" : "http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html" - }, - { - "name" : "VU#229867", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/229867" - }, - { - "name" : "5272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5272" - }, - { - "name" : "tru64-su-bo(9640)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9640.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in su 
in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT2257", + "refsource": "COMPAQ", + "url": "http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html" + }, + { + "name": "20020719 tru64 proof of concept /bin/su non-exec bypass", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102709593117171&w=2" + }, + { + "name": "tru64-su-bo(9640)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9640.php" + }, + { + "name": "5272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5272" + }, + { + "name": "VU#229867", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/229867" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0981.json b/2002/0xxx/CVE-2002-0981.json index bc37208ccfc..551bda0c083 100644 --- a/2002/0xxx/CVE-2002-0981.json +++ b/2002/0xxx/CVE-2002-0981.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CSSA-2002-SCO.36", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt" - }, - { - "name" : "openunix-unixware-ndcfg-bo(9945)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9945.php" - }, - { - "name" : "5551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2002-SCO.36", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt" + }, + { + "name": "5551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5551" + }, + { + "name": "openunix-unixware-ndcfg-bo(9945)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9945.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1940.json b/2002/1xxx/CVE-2002-1940.json index 55941af5004..4a687975e44 100644 --- a/2002/1xxx/CVE-2002-1940.json +++ b/2002/1xxx/CVE-2002-1940.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020802 Lcc-win32 infos diffusion", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0504.html" - }, - { - "name" : "5391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5391" - }, - { - "name" : "lccwin32-binary-file-disclosure(9749)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9749.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously 
used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lccwin32-binary-file-disclosure(9749)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9749.php" + }, + { + "name": "20020802 Lcc-win32 infos diffusion", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0504.html" + }, + { + "name": "5391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5391" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1979.json b/2002/1xxx/CVE-2002-1979.json index 1b3b0760be0..5a30545f4e0 100644 --- a/2002/1xxx/CVE-2002-1979.json +++ b/2002/1xxx/CVE-2002-1979.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/AAMN-5EQR65", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/AAMN-5EQR65" - }, - { - "name" : "VU#328867", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/328867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclass/RSSA using 3.2 SP1 and earlier, allows remote attackers to 
bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/AAMN-5EQR65", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/AAMN-5EQR65" + }, + { + "name": "VU#328867", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/328867" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2261.json b/2002/2xxx/CVE-2002-2261.json index 986bf8a9401..eb6ab26b56e 100644 --- a/2002/2xxx/CVE-2002-2261.json +++ b/2002/2xxx/CVE-2002-2261.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sendmail.org/8.12.7.html", - "refsource" : "CONFIRM", - "url" : "http://www.sendmail.org/8.12.7.html" - }, - { - "name" : "20030101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030101-01-P" - }, - { - "name" : "6548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6548" - }, - { - "name" : "oval:org.mitre.oval:def:8512", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8512" - }, - { - "name" : "oval:org.mitre.oval:def:6892", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6892" - }, - { - "name" : "1005748", - "refsource" : 
"SECTRACK", - "url" : "http://securitytracker.com/id?1005748" - }, - { - "name" : "7826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7826" - }, - { - "name" : "ADV-2009-3539", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3539" - }, - { - "name" : "sendmail-check-relay-bypass(10775)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6892", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6892" + }, + { + "name": "http://www.sendmail.org/8.12.7.html", + "refsource": "CONFIRM", + "url": "http://www.sendmail.org/8.12.7.html" + }, + { + "name": "ADV-2009-3539", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3539" + }, + { + "name": "oval:org.mitre.oval:def:8512", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8512" + }, + { + "name": "1005748", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005748" + }, + { + "name": "20030101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030101-01-P" + }, + { + "name": "6548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6548" + }, + { + "name": "sendmail-check-relay-bypass(10775)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/10775" + }, + { + "name": "7826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7826" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1249.json b/2005/1xxx/CVE-2005-1249.json index 42f76a75f01..94844380a49 100644 --- a/2005/1xxx/CVE-2005-1249.json +++ b/2005/1xxx/CVE-2005-1249.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050524 Ipswitch IMail IMAP LSUB DoS Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=245&type=vulnerabilities" - }, - { - "name" : "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", - "refsource" : "CONFIRM", - "url" : "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" - }, - { - "name" : "13727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13727" - }, - { - "name" : "1014047", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", + "refsource": "CONFIRM", + "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" + }, + { + "name": "13727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13727" + }, + { + "name": "20050524 Ipswitch IMail IMAP LSUB DoS Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=245&type=vulnerabilities" + }, + { + "name": "1014047", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014047" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1310.json b/2005/1xxx/CVE-2005-1310.json index 4b12d3724e3..262a7839d2e 100644 --- a/2005/1xxx/CVE-2005-1310.json +++ b/2005/1xxx/CVE-2005-1310.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683" - }, - { - "name" : "15756", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15756" - }, - { - "name" : "1013811", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15756", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15756" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683" + }, + { + "name": "1013811", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013811" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1383.json b/2005/1xxx/CVE-2005-1383.json index 77779e7be23..3ef98ccd1b9 100644 --- a/2005/1xxx/CVE-2005-1383.json +++ b/2005/1xxx/CVE-2005-1383.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050428 Webcache Client Requests Bypass OHS mod_access Restrictions", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111472266123952&w=2" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_webcache_bypass.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_webcache_bypass.html" - }, - { - "name" : "13418", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13418" - }, - { - "name" : "15908", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15908" - }, - { - "name" : "15143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15143" - }, - { - "name" : 
"oracle9ias-application-cache-url-bypass(20311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13418", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13418" + }, + { + "name": "20050428 Webcache Client Requests Bypass OHS mod_access Restrictions", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111472266123952&w=2" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_webcache_bypass.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_webcache_bypass.html" + }, + { + "name": "15908", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15908" + }, + { + "name": "15143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15143" + }, + { + "name": "oracle9ias-application-cache-url-bypass(20311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20311" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1700.json b/2005/1xxx/CVE-2005-1700.json index e2127cb7dbd..35f2a8eb725 100644 --- a/2005/1xxx/CVE-2005-1700.json +++ b/2005/1xxx/CVE-2005-1700.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x cXIb8O3.10", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111670586322172&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x cXIb8O3.10", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111670586322172&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1008.json b/2009/1xxx/CVE-2009-1008.json index c706851efdf..0b39ebe557b 100644 --- a/2009/1xxx/CVE-2009-1008.json +++ b/2009/1xxx/CVE-2009-1008.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53747", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/53747" - }, - { - "name" : "1022055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022055" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022055" + }, + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "53747", + "refsource": "OSVDB", + "url": "http://osvdb.org/53747" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1234.json b/2009/1xxx/CVE-2009-1234.json index a8e937a303a..9387a46dc95 100644 --- a/2009/1xxx/CVE-2009-1234.json +++ b/2009/1xxx/CVE-2009-1234.json 
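Review bot: The one substantive change in this hunk, `"ASSIGNER": "secalert_us@oracle.com"` replacing `"ASSIGNER" : "cve@mitre.org"`, is buried in a full-file rewrite where every other line differs only in the whitespace before the colon (and, it appears, indentation) and the `reference_data` entries are reordered. ASSIGNER records who assigned the entry, so a change to it should be reviewable as a one-line diff; landing the formatting normalization as its own commit would allow that, and the subject "-Synchronized-Data." gives no account of the reassignment. The same applies to the hunks for CVE-2012-0179 (`secure@microsoft.com`) and CVE-2012-0326 (`vultures@jpcert.or.jp`). Consumers that track record changes from this repository would presumably need to compare parsed JSON rather than text to notice it.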
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8320", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8320" - }, - { - "name" : "http://websecurity.com.ua/3216/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/3216/" - }, - { - "name" : "SUSE-SR:2009:015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" - }, - { - "name" : "34298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34298" - }, - { - "name" : "oval:org.mitre.oval:def:5432", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5432" - }, - { - "name" : "opera-xml-dos(49522)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8320", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8320" + }, + { + "name": "opera-xml-dos(49522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49522" + }, + { + "name": "http://websecurity.com.ua/3216/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/3216/" + }, + { + "name": "SUSE-SR:2009:015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" + }, + { + "name": "34298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34298" + }, + { + "name": "oval:org.mitre.oval:def:5432", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5432" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1491.json b/2009/1xxx/CVE-2009-1491.json index ab7faa3d0ca..2bb563e49b0 100644 --- a/2009/1xxx/CVE-2009-1491.json +++ b/2009/1xxx/CVE-2009-1491.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nmrc.org/~thegnome/blog/apr09/", - "refsource" : "MISC", - "url" : "http://www.nmrc.org/~thegnome/blog/apr09/" - }, - { - "name" : "groupshield-xheaders-security-bypass(50354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products 
from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "groupshield-xheaders-security-bypass(50354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50354" + }, + { + "name": "http://www.nmrc.org/~thegnome/blog/apr09/", + "refsource": "MISC", + "url": "http://www.nmrc.org/~thegnome/blog/apr09/" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1951.json b/2009/1xxx/CVE-2009-1951.json index 5a42a244f77..93bf935e250 100644 --- a/2009/1xxx/CVE-2009-1951.json +++ b/2009/1xxx/CVE-2009-1951.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8858", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8858" - }, - { - "name" : "35289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35289" + }, + { + "name": "8858", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8858" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5150.json b/2009/5xxx/CVE-2009-5150.json index 567b6e67b90..53c7dc4d057 100644 --- a/2009/5xxx/CVE-2009-5150.json +++ b/2009/5xxx/CVE-2009-5150.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature 
for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This allows a privileged local user to execute arbitrary code even after that user loses access and all disk partitions are reformatted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf", + "refsource": "MISC", + "url": "https://www.coresecurity.com/system/files/publications/2016/05/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0179.json b/2012/0xxx/CVE-2012-0179.json index 6dc9c5b2d6b..57ccfa7c3c3 100644 --- a/2012/0xxx/CVE-2012-0179.json +++ b/2012/0xxx/CVE-2012-0179.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka \"TCP/IP Double Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-032" - }, - { - "name" : "TA12-129A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" - }, - { - "name" : "53349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53349" - }, - { - "name" : "81729", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81729" - }, - { - "name" : "oval:org.mitre.oval:def:14908", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14908" - }, - { - "name" : "1027044", 
- "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027044" - }, - { - "name" : "49114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka \"TCP/IP Double Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14908", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14908" + }, + { + "name": "81729", + "refsource": "OSVDB", + "url": "http://osvdb.org/81729" + }, + { + "name": "1027044", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027044" + }, + { + "name": "MS12-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-032" + }, + { + "name": "53349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53349" + }, + { + "name": "49114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49114" + }, + { + "name": "TA12-129A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0326.json b/2012/0xxx/CVE-2012-0326.json index 6a2736f8dbe..fb7657c11d7 100644 --- a/2012/0xxx/CVE-2012-0326.json +++ b/2012/0xxx/CVE-2012-0326.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-0326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://twicca.r246.jp/notice/", - "refsource" : "CONFIRM", - "url" : "http://twicca.r246.jp/notice/" - }, - { - "name" : "https://play.google.com/store/apps/details?id=jp.r246.twicca", - "refsource" : "CONFIRM", - "url" : "https://play.google.com/store/apps/details?id=jp.r246.twicca" - }, - { - "name" : "JVN#31860555", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN31860555/index.html" - }, - { - "name" : "JVNDB-2012-000024", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000024" - }, - { - "name" : "52442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52442" - }, - { - "name" : "80106", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80106" - 
}, - { - "name" : "twicca-android-sec-bypass(73951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "twicca-android-sec-bypass(73951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73951" + }, + { + "name": "https://play.google.com/store/apps/details?id=jp.r246.twicca", + "refsource": "CONFIRM", + "url": "https://play.google.com/store/apps/details?id=jp.r246.twicca" + }, + { + "name": "JVNDB-2012-000024", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000024" + }, + { + "name": "http://twicca.r246.jp/notice/", + "refsource": "CONFIRM", + "url": "http://twicca.r246.jp/notice/" + }, + { + "name": "52442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52442" + }, + { + "name": "80106", + "refsource": "OSVDB", + "url": "http://osvdb.org/80106" + }, + { + "name": "JVN#31860555", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN31860555/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0462.json b/2012/0xxx/CVE-2012-0462.json index 7d3c8e3f563..0ed9c92fc64 100644 --- a/2012/0xxx/CVE-2012-0462.json +++ b/2012/0xxx/CVE-2012-0462.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=699033", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=699033" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701269", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701269" - }, - { - "name" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=705855", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=705855" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712572", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712572" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714590", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714590" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718202", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718202" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718516", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718516" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=720380", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=720380" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=727330", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=727330" - }, - { - "name" : "MDVSA-2012:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" - }, - { - "name" : "RHSA-2012:0387", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" - }, - { - "name" : "RHSA-2012:0388", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" - }, - { - "name" : "openSUSE-SU-2012:0417", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" - }, - { - "name" : "SUSE-SU-2012:0424", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0425", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" - }, - { - 
"name" : "USN-1400-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-3" - }, - { - "name" : "USN-1400-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-4" - }, - { - "name" : "USN-1400-5", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-5" - }, - { - "name" : "USN-1400-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-2" - }, - { - "name" : "USN-1400-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-1" - }, - { - "name" : "oval:org.mitre.oval:def:15012", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15012" - }, - { - "name" : "1026804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026804" - }, - { - "name" : "1026801", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026801" - }, - { - "name" : "1026803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026803" - }, - { - "name" : "48629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48629" - }, - { - "name" : "48513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48513" - }, - { - "name" : "48496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48496" - }, - { - "name" : "48553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48553" - }, - { - "name" : "48561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48561" - }, - { - "name" : "48624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48624" - }, - { - "name" : "48402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48402" - }, - { - "name" : "48359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0417", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" + }, + { + "name": "48402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48402" + }, + { + "name": "48624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48624" + }, + { + "name": "SUSE-SU-2012:0424", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" + }, + { + "name": "USN-1400-5", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-5" + }, + { + "name": "48359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48359" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=714590", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=714590" + }, + { + "name": "USN-1400-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-4" + }, + { + "name": "48629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48629" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=718516", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=718516" + }, + { + "name": "USN-1400-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-3" + }, + { + "name": "RHSA-2012:0387", + 
"refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=705855", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=705855" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=699033", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=699033" + }, + { + "name": "48496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48496" + }, + { + "name": "SUSE-SU-2012:0425", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=727330", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=727330" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=720380", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=720380" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" + }, + { + "name": "USN-1400-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-2" + }, + { + "name": "MDVSA-2012:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" + }, + { + "name": "oval:org.mitre.oval:def:15012", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15012" + }, + { + "name": "1026803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026803" + }, + { + "name": "48553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48553" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=701269", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=701269" + }, + { + "name": 
"USN-1400-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-1" + }, + { + "name": "48561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48561" + }, + { + "name": "RHSA-2012:0388", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html" + }, + { + "name": "1026801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026801" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=718202", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=718202" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=712572", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=712572" + }, + { + "name": "1026804", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026804" + }, + { + "name": "48513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48513" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0947.json b/2012/0xxx/CVE-2012-0947.json index e5d2cc6d5d6..c3535a48363 100644 --- a/2012/0xxx/CVE-2012-0947.json +++ b/2012/0xxx/CVE-2012-0947.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2012-0947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120503 Security issue in libav/ffmpeg", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/05/03/4" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963" - }, - { - "name" : "http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3", - "refsource" : "CONFIRM", - "url" : 
"http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3" - }, - { - "name" : "http://libav.org/", - "refsource" : "CONFIRM", - "url" : "http://libav.org/" - }, - { - "name" : "DSA-2471", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2471" - }, - { - "name" : "USN-1479-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1479-1" - }, - { - "name" : "53389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53389" - }, - { - "name" : "49089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963" + }, + { + "name": "USN-1479-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1479-1" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3" + }, + { + "name": "49089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49089" + }, + { + "name": "DSA-2471", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2471" + }, + { + "name": "http://libav.org/", + "refsource": "CONFIRM", + "url": "http://libav.org/" + }, + { + "name": "53389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53389" + }, + { + "name": "[oss-security] 20120503 Security issue in libav/ffmpeg", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/05/03/4" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0956.json b/2012/0xxx/CVE-2012-0956.json index 02f3b4507a7..fc76aaf6164 100644 --- a/2012/0xxx/CVE-2012-0956.json +++ b/2012/0xxx/CVE-2012-0956.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the tag of a Twitter feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2012-0956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/ubiquity-slideshow-ubuntu/%2Bbug/991982", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/ubiquity-slideshow-ubuntu/%2Bbug/991982" - }, - { - "name" : "USN-1561-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1561-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the tag of a 
Twitter feed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1561-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1561-1" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/%2Bsource/ubiquity-slideshow-ubuntu/%2Bbug/991982", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/ubiquity-slideshow-ubuntu/%2Bbug/991982" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3546.json b/2012/3xxx/CVE-2012-3546.json index 79af40fa753..69215e1db2c 100644 --- a/2012/3xxx/CVE-2012-3546.json +++ b/2012/3xxx/CVE-2012-3546.json 
@@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html" - }, - { - "name" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892" - }, - { - "name" : 
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1377892", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1377892" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "HPSBMU02873", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" - }, - { - "name" : "SSRT101182", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "HPSBUX02866", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "SSRT101139", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "RHSA-2013:0146", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0146.html" - }, - { - "name" : "RHSA-2013:0147", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0147.html" - }, - { - "name" : "RHSA-2013:0151", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0151.html" - }, - { - "name" : "RHSA-2013:0157", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0157.html" - }, - { - "name" : "RHSA-2013:0158", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-0158.html" - }, - { - "name" : "RHSA-2013:0164", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0164.html" - }, - { - "name" : "RHSA-2013:0191", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html" - }, - { - "name" : "RHSA-2013:0192", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html" - }, - { - "name" : "RHSA-2013:0193", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html" - }, - { - "name" : "RHSA-2013:0194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html" - }, - { - "name" : "RHSA-2013:0195", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html" - }, - { - "name" : "RHSA-2013:0196", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html" - }, - { - "name" : "RHSA-2013:0197", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html" - }, - { - "name" : "RHSA-2013:0198", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html" - }, - { - "name" : "RHSA-2013:0221", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0221.html" - }, - { - "name" : "RHSA-2013:0162", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0162.html" - }, - { - "name" : "RHSA-2013:0163", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0163.html" - }, - { - "name" : "RHSA-2013:0235", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0235.html" - }, - { - "name" : "RHSA-2013:0004", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0004.html" - }, - { - "name" : "RHSA-2013:0623", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0623.html" - }, - { - "name" : "RHSA-2013:0640", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-0640.html" - }, - { - "name" : "RHSA-2013:0641", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0641.html" - }, - { - "name" : "RHSA-2013:0642", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0642.html" - }, - { - "name" : "RHSA-2013:0005", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0005.html" - }, - { - "name" : "openSUSE-SU-2012:1700", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" - }, - { - "name" : "openSUSE-SU-2012:1701", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" - }, - { - "name" : "openSUSE-SU-2013:0147", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" - }, - { - "name" : "USN-1685-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1685-1" - }, - { - "name" : "56812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56812" - }, - { - "name" : "oval:org.mitre.oval:def:19305", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305" - }, - { - "name" : "1027833", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027833" - }, - { - "name" : "51984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51984" - }, - { - "name" : "52054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52054" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows 
remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101139", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "1027833", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027833" + }, + { + "name": "USN-1685-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1685-1" + }, + { + "name": "56812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56812" + }, + { + "name": "openSUSE-SU-2012:1700", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1377892", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1377892" + }, + { + "name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892" + }, + { + "name": "RHSA-2013:0640", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html" + }, + { + "name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892" + }, + { + "name": "RHSA-2013:0163", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html" + }, + { + "name": "SSRT101182", + "refsource": "HP", + 
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" + }, + { + "name": "RHSA-2013:0164", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html" + }, + { + "name": "RHSA-2013:0192", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html" + }, + { + "name": "RHSA-2013:0198", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html" + }, + { + "name": "RHSA-2013:0641", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html" + }, + { + "name": "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "RHSA-2013:0004", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html" + }, + { + "name": "RHSA-2013:0195", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html" + }, + { + "name": "RHSA-2013:0221", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html" + }, + { + "name": "RHSA-2013:0196", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html" + }, + { + "name": "RHSA-2013:0147", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html" + }, + { + "name": "oval:org.mitre.oval:def:19305", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305" + }, + { + "name": "HPSBMU02873", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" + }, + { + "name": "RHSA-2013:0158", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html" + }, + { + 
"name": "RHSA-2013:0193", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html" + }, + { + "name": "RHSA-2013:0157", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html" + }, + { + "name": "51984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51984" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "52054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52054" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "RHSA-2013:0146", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html" + }, + { + "name": "openSUSE-SU-2013:0147", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" + }, + { + "name": "RHSA-2013:0191", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html" + }, + { + "name": "RHSA-2013:0623", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html" + }, + { + "name": "RHSA-2013:0197", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html" + }, + { + "name": "RHSA-2013:0235", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html" + }, + { + "name": "RHSA-2013:0642", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html" + }, + { + "name": "RHSA-2013:0194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" + }, + { + "name": "HPSBUX02866", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "RHSA-2013:0005", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": 
"http://marc.info/?l=bugtraq&m=139344343412337&w=2" + }, + { + "name": "openSUSE-SU-2012:1701", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" + }, + { + "name": "RHSA-2013:0162", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html" + }, + { + "name": "RHSA-2013:0151", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3766.json b/2012/3xxx/CVE-2012-3766.json index 346768cb9cd..1b04d4cda6a 100644 --- a/2012/3xxx/CVE-2012-3766.json +++ b/2012/3xxx/CVE-2012-3766.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3766", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3766", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3832.json b/2012/3xxx/CVE-2012-3832.json index 8b7247ee2e8..20f9436573b 100644 --- a/2012/3xxx/CVE-2012-3832.json +++ b/2012/3xxx/CVE-2012-3832.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/milesj/php-decoda/commit/6f2b9fb48bc110edeab17459038feb2627d52320", - "refsource" : "CONFIRM", - "url" : "https://github.com/milesj/php-decoda/commit/6f2b9fb48bc110edeab17459038feb2627d52320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/milesj/php-decoda/commit/6f2b9fb48bc110edeab17459038feb2627d52320", + "refsource": "CONFIRM", + "url": "https://github.com/milesj/php-decoda/commit/6f2b9fb48bc110edeab17459038feb2627d52320" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3976.json b/2012/3xxx/CVE-2012-3976.json index 9c4551db9e0..39aae779642 100644 --- a/2012/3xxx/CVE-2012-3976.json +++ b/2012/3xxx/CVE-2012-3976.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-69.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-69.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=768568", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=768568" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : 
"RHSA-2012:1210", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "55313", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55313" - }, - { - "name" : "oval:org.mitre.oval:def:16060", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-69.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-69.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=768568", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768568" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "RHSA-2012:1210", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "55313", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55313" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "oval:org.mitre.oval:def:16060", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16060" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4000.json b/2012/4xxx/CVE-2012-4000.json index 6b95c84f964..262c0f14559 100644 
--- a/2012/4xxx/CVE-2012-4000.json +++ b/2012/4xxx/CVE-2012-4000.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/", - "refsource" : "MISC", - "url" : "http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/" - }, - { - "name" : "DSA-2522", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2522" - }, - { - "name" : "54188", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54188" - }, - { - "name" : "49606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49606" - }, - { - "name" : "fckeditor-spellchecker-xss(76604)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/76604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2522", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2522" + }, + { + "name": "49606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49606" + }, + { + "name": "http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/", + "refsource": "MISC", + "url": "http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/" + }, + { + "name": "fckeditor-spellchecker-xss(76604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76604" + }, + { + "name": "54188", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54188" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4365.json b/2012/4xxx/CVE-2012-4365.json index 8bde5c17a2f..325bdbf273b 100644 --- a/2012/4xxx/CVE-2012-4365.json +++ b/2012/4xxx/CVE-2012-4365.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4658.json b/2012/4xxx/CVE-2012-4658.json index 9f05451d017..585dfdabeea 100644 --- a/2012/4xxx/CVE-2012-4658.json +++ b/2012/4xxx/CVE-2012-4658.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions, aka Bug ID CSCtz99447." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4721.json b/2012/4xxx/CVE-2012-4721.json index 1634a1eb484..d979fa41d1f 100644 --- a/2012/4xxx/CVE-2012-4721.json +++ b/2012/4xxx/CVE-2012-4721.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4721", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4721", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6312.json b/2012/6xxx/CVE-2012-6312.json index 98993ff71e1..9e3431d0dc4 100644 --- a/2012/6xxx/CVE-2012-6312.json +++ b/2012/6xxx/CVE-2012-6312.json 
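Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in the CVE-2012-4658.json hunk, while every other changed line there is spacing or ordering, so the one semantic edit is easy to miss. The same happens in the CVE-2017-1002009.json hunk, where `cve-assign@distributedweaknessfiling.org` becomes `larry0@me.com`; judging by the address alone, that looks like an individual mailbox rather than a role address, which is worth confirming. Consumers that use ASSIGNER for provenance or CNA attribution will see both records move between sources. I would carry these reassignments in their own commit, or at least name them in the commit description, e.g. `Reassign ASSIGNER for CVE-2012-4658 and CVE-2017-1002009`.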
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121207 Update on CVE assigned for Video Lead Form Plugin Cross-Site", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0060.html" - }, - { - "name" : "http://wordpress.org/extend/plugins/video-lead-form/changelog/", - "refsource" : "MISC", - "url" : "http://wordpress.org/extend/plugins/video-lead-form/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg 
parameter in a video-lead-form action to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/extend/plugins/video-lead-form/changelog/", + "refsource": "MISC", + "url": "http://wordpress.org/extend/plugins/video-lead-form/changelog/" + }, + { + "name": "20121207 Update on CVE assigned for Video Lead Form Plugin Cross-Site", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0060.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6318.json b/2012/6xxx/CVE-2012-6318.json index 2fe0aff2e18..e7c86add16c 100644 --- a/2012/6xxx/CVE-2012-6318.json +++ b/2012/6xxx/CVE-2012-6318.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6318", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6318", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6445.json b/2012/6xxx/CVE-2012-6445.json index c0eb1ac89b7..36387eb6158 100644 
--- a/2012/6xxx/CVE-2012-6445.json +++ b/2012/6xxx/CVE-2012-6445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1002xxx/CVE-2017-1002009.json b/2017/1002xxx/CVE-2017-1002009.json index 1c6896e9410..13a2a92ad16 100644 --- a/2017/1002xxx/CVE-2017-1002009.json +++ b/2017/1002xxx/CVE-2017-1002009.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1002009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "ID": "CVE-2017-1002009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://membership.officeautopilot.com/get-it-now/", - "refsource" : "MISC", - "url" : "http://membership.officeautopilot.com/get-it-now/" - }, - { - "name" : "http://www.vapidlabs.com/advisory.php?v=188", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't 
sanitize user input via recordId in the delete function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vapidlabs.com/advisory.php?v=188", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=188" + }, + { + "name": "http://membership.officeautopilot.com/get-it-now/", + "refsource": "MISC", + "url": "http://membership.officeautopilot.com/get-it-now/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2139.json b/2017/2xxx/CVE-2017-2139.json index 18b646e06a3..5f004324209 100644 --- a/2017/2xxx/CVE-2017-2139.json +++ b/2017/2xxx/CVE-2017-2139.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CS-Cart Japanese Edition", - "version" : { - "version_data" : [ - { - "version_value" : "v4.3.10 and earlier (excluding v2 and v3)" - } - ] - } - }, - { - "product_name" : "CS-Cart Multivendor Japanese Edition", - "version" : { - "version_data" : [ - { - "version_value" : "v4.3.10 and earlier (excluding v2 and v3)" - } - ] - } - } - ] - }, - "vendor_name" : "Frogman Office Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Fails to restrict access" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CS-Cart Japanese Edition", + "version": { + "version_data": [ + { + "version_value": "v4.3.10 and earlier (excluding v2 and v3)" + } + ] + } + }, + { + "product_name": "CS-Cart Multivendor Japanese Edition", + "version": { + "version_data": [ + { + "version_value": "v4.3.10 and earlier (excluding v2 and v3)" + } + ] + } + } + ] + }, + "vendor_name": "Frogman Office Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tips.cs-cart.jp/fix-jvn-14396697.html", - "refsource" : "MISC", - "url" : "http://tips.cs-cart.jp/fix-jvn-14396697.html" - }, - { - "name" : "JVN#14396697", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN14396697/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to restrict access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#14396697", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN14396697/index.html" + }, + { + "name": "http://tips.cs-cart.jp/fix-jvn-14396697.html", + "refsource": "MISC", + "url": "http://tips.cs-cart.jp/fix-jvn-14396697.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2188.json b/2017/2xxx/CVE-2017-2188.json index 4c7e8ee5fd1..5d4884ad08f 100644 --- a/2017/2xxx/CVE-2017-2188.json +++ b/2017/2xxx/CVE-2017-2188.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition", - "version" : { - "version_data" : [ - { - "version_value" : "(Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Ministry of Agreculture, Foresty and Fishery" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition", + "version": { + "version_data": [ + { + "version_value": "(Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Ministry of Agreculture, Foresty and Fishery" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html", - "refsource" : "MISC", - "url" : "http://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html" - }, - { - "name" : "JVN#65154137", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN65154137/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html", + "refsource": "MISC", + "url": "http://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html" + }, + { + "name": "JVN#65154137", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN65154137/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2390.json b/2017/2xxx/CVE-2017-2390.json index 3d4f82bb568..11b60bf4cec 100644 --- a/2017/2xxx/CVE-2017-2390.json +++ b/2017/2xxx/CVE-2017-2390.json 
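Review bot: The rewritten `vendor_name` line in CVE-2017-2188.json keeps the misspelling `Ministry of Agreculture, Foresty and Fishery`, while the `product_name` and description in the same record spell it `Ministry of Agriculture, Forestry and Fisheries`. Tooling that matches advisories to an asset inventory by vendor string could miss this record or create a second vendor entry for it. Since the line is rewritten here anyway, I would change it to `"vendor_name": "Ministry of Agriculture, Forestry and Fisheries"`, provided the assigning CNA (the record lists vultures@jpcert.or.jp) agrees with the correction.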
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the \"libarchive\" component. It allows local users to change arbitrary directory permissions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the \"libarchive\" component. It allows local users to change arbitrary directory permissions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2879.json b/2017/2xxx/CVE-2017-2879.json index 654846835ca..17fe64fef66 100644 --- a/2017/2xxx/CVE-2017-2879.json +++ b/2017/2xxx/CVE-2017-2879.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-2879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foscam C1 Indoor HD Camera", - "version" : { - "version_data" : [ - { - "version_value" : "Foscam Indoor IP Camera C1 Series,System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-2879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foscam C1 Indoor HD Camera", + "version": { + "version_data": [ + { + "version_value": "Foscam Indoor IP Camera C1 Series,System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0386", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0386", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0386" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/6xxx/CVE-2017-6276.json b/2017/6xxx/CVE-2017-6276.json index 936d4f79102..083e629af3a 100644 --- a/2017/6xxx/CVE-2017-6276.json +++ b/2017/6xxx/CVE-2017-6276.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-6276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android: A-63802421. References: N-CVE-2017-6276." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-6276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA 
mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android: A-63802421. References: N-CVE-2017-6276." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102106" + }, + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6406.json b/2017/6xxx/CVE-2017-6406.json index 5d343346872..bcf96e7e1e8 100644 --- a/2017/6xxx/CVE-2017-6406.json +++ b/2017/6xxx/CVE-2017-6406.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5" - }, - { - "name" : "96486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96486" + }, + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6640.json b/2017/6xxx/CVE-2017-6640.json index ac348245b11..adcfe0636b3 100644 --- a/2017/6xxx/CVE-2017-6640.json +++ b/2017/6xxx/CVE-2017-6640.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Data Center Network Manager Server Static Credential Vulnerability" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2" - }, - { - "name" : "98937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98937" - }, - { - "name" : "1038625", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level privileges. The vulnerability exists because the affected software has a default user account that has a default, static password. The user account is created automatically when the software is installed. An attacker could exploit this vulnerability by connecting remotely to an affected system and logging in to the affected software by using the credentials for this default user account. 
A successful exploit could allow the attacker to use this default user account to log in to the affected software and gain access to the administrative console of a DCNM server. This vulnerability affects Cisco Prime Data Center Network Manager (DCNM) Software releases prior to Release 10.2(1) for Microsoft Windows, Linux, and Virtual Appliance platforms. Cisco Bug IDs: CSCvd95346." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038625", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038625" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2" + }, + { + "name": "98937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98937" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7880.json b/2017/7xxx/CVE-2017-7880.json index 3d0ca58f475..1308457861e 100644 --- a/2017/7xxx/CVE-2017-7880.json +++ b/2017/7xxx/CVE-2017-7880.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11242.json b/2018/11xxx/CVE-2018-11242.json index f4b669288ce..e91d6bf143c 100644 --- a/2018/11xxx/CVE-2018-11242.json +++ b/2018/11xxx/CVE-2018-11242.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44690", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44690/" - }, - { - "name" : "https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1", - "refsource" : "MISC", - "url" : "https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the MakeMyTrip application 7.2.4 for Android. 
The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44690", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44690/" + }, + { + "name": "https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1", + "refsource": "MISC", + "url": "https://gist.github.com/NinjaXshell/ba0aeee4b77b4bdea76d0c0c095d53b1" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11290.json b/2018/11xxx/CVE-2018-11290.json index 880d6450d6a..250ea646f84 100644 --- a/2018/11xxx/CVE-2018-11290.json +++ b/2018/11xxx/CVE-2018-11290.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cryptographic Issues in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC 
address randomization performed during probe requests is not done properly due to a flawed RNG in use." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic Issues in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components" + }, + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11347.json b/2018/11xxx/CVE-2018-11347.json index 709333c16a8..24fd3305b1e 100644 --- a/2018/11xxx/CVE-2018-11347.json +++ b/2018/11xxx/CVE-2018-11347.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. 
This flaw allows an attacker to inject, into the response from the server, one or several HTTP Header. It requires an interaction with the user to send him the malicious link. It could be used to perform other attacks such as user redirection to a malicious website, HTTP response splitting, or HTTP cache poisoning." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/10/yunohost-2-7-2-to-2-7-14-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11730.json b/2018/11xxx/CVE-2018-11730.json index b073ca6a3f9..5930ffa3295 100644 --- a/2018/11xxx/CVE-2018-11730.json +++ b/2018/11xxx/CVE-2018-11730.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180608 libfsntfs 20180420 vulns", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jun/17" - }, - { - "name" : "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The libfsntfs_security_descriptor_values_free 
function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148115/libfsntfs-20180420-Information-Disclosure.html" + }, + { + "name": "20180608 libfsntfs 20180420 vulns", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jun/17" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14074.json b/2018/14xxx/CVE-2018-14074.json index 01c8e4f7d7e..2c1c43d5c5b 100644 --- a/2018/14xxx/CVE-2018-14074.json +++ b/2018/14xxx/CVE-2018-14074.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14074", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14074", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14077.json b/2018/14xxx/CVE-2018-14077.json index dc3417e1159..e956bf28a27 100644 --- a/2018/14xxx/CVE-2018-14077.json +++ b/2018/14xxx/CVE-2018-14077.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vulncode.com/advisory/CVE-2018-14077", - "refsource" : "MISC", - "url" : "https://vulncode.com/advisory/CVE-2018-14077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://vulncode.com/advisory/CVE-2018-14077", + "refsource": "MISC", + "url": "https://vulncode.com/advisory/CVE-2018-14077" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14210.json b/2018/14xxx/CVE-2018-14210.json index 9179db2efed..9ce1a943533 100644 --- a/2018/14xxx/CVE-2018-14210.json +++ b/2018/14xxx/CVE-2018-14210.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14210", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14210", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14398.json b/2018/14xxx/CVE-2018-14398.json index ebe3bc33d6c..bee2b4d772d 100644 --- a/2018/14xxx/CVE-2018-14398.json +++ b/2018/14xxx/CVE-2018-14398.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/08/cremecrm-1-6-12-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14933.json b/2018/14xxx/CVE-2018-14933.json index 5a912cb92d6..4416f9d3910 100644 --- a/2018/14xxx/CVE-2018-14933.json +++ b/2018/14xxx/CVE-2018-14933.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45070", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45070/" - }, - { - "name" : "46340", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46340/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45070", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45070/" + }, + { + "name": "46340", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46340/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15008.json b/2018/15xxx/CVE-2018-15008.json index dc67620a8d6..2cadb5d3986 100644 --- a/2018/15xxx/CVE-2018-15008.json +++ b/2018/15xxx/CVE-2018-15008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15057.json b/2018/15xxx/CVE-2018-15057.json index 2579c8770c5..13bc8012e27 100644 --- a/2018/15xxx/CVE-2018-15057.json +++ b/2018/15xxx/CVE-2018-15057.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15057", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15057", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15895.json b/2018/15xxx/CVE-2018-15895.json index b89d980fa03..21449beab0c 100644 --- a/2018/15xxx/CVE-2018-15895.json +++ b/2018/15xxx/CVE-2018-15895.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/idreamsoft/iCMS/issues/40", - "refsource" : "MISC", - "url" : "https://github.com/idreamsoft/iCMS/issues/40" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/idreamsoft/iCMS/issues/40", + "refsource": "MISC", + "url": "https://github.com/idreamsoft/iCMS/issues/40" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20115.json b/2018/20xxx/CVE-2018-20115.json index 59f124c2020..97cb411fc35 100644 --- a/2018/20xxx/CVE-2018-20115.json +++ b/2018/20xxx/CVE-2018-20115.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20115", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20115", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20328.json b/2018/20xxx/CVE-2018-20328.json index f9acb247eed..23bf2260012 100644 --- a/2018/20xxx/CVE-2018-20328.json +++ b/2018/20xxx/CVE-2018-20328.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered \"low risk\" due to the nature of the feature it exploits." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/chamilo/chamilo-lms/commit/5e61c2b0fcc938ca687b8d4e593b1500aa52a034", - "refsource" : "MISC", - "url" : "https://github.com/chamilo/chamilo-lms/commit/5e61c2b0fcc938ca687b8d4e593b1500aa52a034" - }, - { - "name" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues", - "refsource" : "MISC", - "url" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered \"low risk\" due to the nature of the feature it exploits." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues", + "refsource": "MISC", + "url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues" + }, + { + "name": "https://github.com/chamilo/chamilo-lms/commit/5e61c2b0fcc938ca687b8d4e593b1500aa52a034", + "refsource": "MISC", + "url": "https://github.com/chamilo/chamilo-lms/commit/5e61c2b0fcc938ca687b8d4e593b1500aa52a034" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20541.json b/2018/20xxx/CVE-2018-20541.json index 7b9153c4bae..c72caf47b2a 100644 --- a/2018/20xxx/CVE-2018-20541.json +++ b/2018/20xxx/CVE-2018-20541.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652632", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652632" - }, - { - "name" : "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d", - "refsource" : "MISC", - "url" : "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d" - }, - { - "name" : "https://github.com/hfp/libxsmm/issues/287", - "refsource" : "MISC", - "url" : "https://github.com/hfp/libxsmm/issues/287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hfp/libxsmm/issues/287", + "refsource": "MISC", + "url": "https://github.com/hfp/libxsmm/issues/287" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652632", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652632" + }, + { + "name": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d", + "refsource": "MISC", + "url": "https://github.com/hfp/libxsmm/commit/151481489192e6d1997f8bde52c5c425ea41741d" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20604.json b/2018/20xxx/CVE-2018-20604.json index 5e047d3e866..05f6d44e604 100644 --- a/2018/20xxx/CVE-2018-20604.json +++ b/2018/20xxx/CVE-2018-20604.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#directory-traversal", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#directory-traversal" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lei Feng TV CMS (aka LFCMS) 3.8.6 allows Directory Traversal via crafted use of ..* in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/*web*..*..*..*..*1.txt.html URI to read the 1.txt file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#directory-traversal", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#directory-traversal" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9232.json b/2018/9xxx/CVE-2018-9232.json index 3cdacba6868..82a6a1d7d92 100644 --- a/2018/9xxx/CVE-2018-9232.json +++ b/2018/9xxx/CVE-2018-9232.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.digitalwhisper.co.il/files/Zines/0x5E/DW94-3-Repeater2.pdf", - "refsource" : "MISC", - "url" : "https://www.digitalwhisper.co.il/files/Zines/0x5E/DW94-3-Repeater2.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.digitalwhisper.co.il/files/Zines/0x5E/DW94-3-Repeater2.pdf", + "refsource": "MISC", + "url": "https://www.digitalwhisper.co.il/files/Zines/0x5E/DW94-3-Repeater2.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9451.json b/2018/9xxx/CVE-2018-9451.json index 8e1caea0689..eea4f891997 100644 --- a/2018/9xxx/CVE-2018-9451.json +++ b/2018/9xxx/CVE-2018-9451.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-9451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-9451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + } + ] + } +} \ No newline at end of file
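Review bot: `ASSIGNER` in `CVE_data_meta` changes from `security@google.com` to `security@android.com`, a content change in a commit whose message is only "-Synchronized-Data." and whose other lines in this hunk are reformatting. Anything that groups or filters records by assigner will attribute this record to a different source after the sync, so the change deserves its own commit or at least a line in the message. Separately, `version_value` still packs seven releases into one space-separated string. One `version_data` entry per release, e.g. `{ "version_value": "Android-6.0" }`, would let consumers match versions without splitting text.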