diff --git a/2002/0xxx/CVE-2002-0229.json b/2002/0xxx/CVE-2002-0229.json index 307a44fe3b3..4baa6b452b5 100644 --- a/2002/0xxx/CVE-2002-0229.json +++ b/2002/0xxx/CVE-2002-0229.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using \"LOAD DATA INFILE LOCAL\" SQL statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020203 PHP Safe Mode Filesystem Circumvention Problem", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=101285016125377&w=2" - }, - { - "name" : "20020203 PHP Safe Mode Filesystem Circumvention Problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101286577109716&w=2" - }, - { - "name" : "20020205 Re: PHP Safe Mode Filesystem Circumvention Problem", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=101303065423534&w=2" - }, - { - "name" : "20020206 DW020203-PHP clarification", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101304702002321&w=2" - }, - { - "name" : "20020206 DW020203-PHP clarification", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=101303819613337&w=2" - }, - { - "name" : "4026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4026" - }, - { - "name" : "php-mysql-safemode-bypass(8105)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8105.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using \"LOAD DATA INFILE LOCAL\" SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020206 DW020203-PHP clarification", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=101303819613337&w=2" + }, + { + "name": "20020205 Re: PHP Safe Mode Filesystem Circumvention Problem", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=101303065423534&w=2" + }, + { + "name": "20020206 DW020203-PHP clarification", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101304702002321&w=2" + }, + { + "name": "20020203 PHP Safe Mode Filesystem Circumvention Problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101286577109716&w=2" + }, + { + "name": "20020203 PHP Safe Mode Filesystem Circumvention Problem", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=101285016125377&w=2" + }, + { + "name": "php-mysql-safemode-bypass(8105)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8105.php" + }, + { + "name": "4026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4026" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0450.json b/2002/0xxx/CVE-2002-0450.json index df4120b729e..45bfea54bed 100644 --- a/2002/0xxx/CVE-2002-0450.json +++ b/2002/0xxx/CVE-2002-0450.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020313 2nd Buffer Overflow in Talentsoft's Web+ (#NISR13032002)", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00208.html" - }, - { - "name" : "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943", - "refsource" : "CONFIRM", - "url" : "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943" - }, - { - "name" : "4282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4282" - }, - { - "name" : "webplus-wml-bo(8446)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8446.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020313 2nd Buffer Overflow in Talentsoft's Web+ (#NISR13032002)", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00208.html" + }, + { + "name": "webplus-wml-bo(8446)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8446.php" + }, + { + "name": "4282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4282" + }, + { + "name": "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943", + "refsource": "CONFIRM", + "url": "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0926.json b/2002/0xxx/CVE-2002-0926.json index a005b3451c2..505e0fb8ef7 100644 --- a/2002/0xxx/CVE-2002-0926.json +++ b/2002/0xxx/CVE-2002-0926.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020617 Directory Traversal in Wolfram Research's webMathematica", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0174.html" - }, - { - "name" : "http://support.wolfram.com/webmathematica/security/fileaccess.html", - "refsource" : "CONFIRM", - "url" : "http://support.wolfram.com/webmathematica/security/fileaccess.html" - }, - { - "name" : "VU#664323", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/664323" - }, - { - "name" : "5035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5035" - }, - { - "name" : "webmathematica-dot-directory-traversal(9373)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9373.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Wolfram Research webMathematica 1.0.0 and 1.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the MSPStoreID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5035" + }, + { + "name": "webmathematica-dot-directory-traversal(9373)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9373.php" + }, + { + "name": "VU#664323", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/664323" + }, + { + "name": "20020617 Directory Traversal in Wolfram Research's webMathematica", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0174.html" + }, + { + "name": "http://support.wolfram.com/webmathematica/security/fileaccess.html", + "refsource": "CONFIRM", + "url": "http://support.wolfram.com/webmathematica/security/fileaccess.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1525.json b/2002/1xxx/CVE-2002-1525.json index 352e72d7035..9ae1670469c 100644 --- a/2002/1xxx/CVE-2002-1525.json +++ b/2002/1xxx/CVE-2002-1525.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020929 [LoWNOISE] \"Get Knowledge\" SunONE Starter Kit - Sun Microsystems/Astaware", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/293545" - }, - { - "name" : "5828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5828" - }, - { - "name" : "sunone-starterkit-search-traversal(10225)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10225.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020929 [LoWNOISE] \"Get Knowledge\" SunONE Starter Kit - Sun Microsystems/Astaware", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/293545" + }, + { + "name": "5828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5828" + }, + { + "name": "sunone-starterkit-search-traversal(10225)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10225.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1807.json b/2002/1xxx/CVE-2002-1807.json index 88e17268fb1..afbe7442968 100644 --- a/2002/1xxx/CVE-2002-1807.json +++ b/2002/1xxx/CVE-2002-1807.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020924 ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html" - }, - { - "name" : "5802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5802" - }, - { - "name" : "cms-news-image-xss(10173)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10173.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5802" + }, + { + "name": "cms-news-image-xss(10173)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10173.php" + }, + { + "name": "20020924 ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0307.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1834.json b/2002/1xxx/CVE-2002-1834.json index 7d914393669..3e120f2bc3f 100644 --- a/2002/1xxx/CVE-2002-1834.json +++ b/2002/1xxx/CVE-2002-1834.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the \"print now\" queue or (2) read the scanner job history." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020517 Xerox DocuTech problems", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/273029" - }, - { - "name" : "20020518 Re: Xerox DocuTech problems", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/273078" - }, - { - "name" : "4766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4766" - }, - { - "name" : "xerox-docutech-insecure-configuration(9108)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9108.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the \"print now\" queue or (2) read the scanner job history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xerox-docutech-insecure-configuration(9108)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9108.php" + }, + { + "name": "20020518 Re: Xerox DocuTech problems", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/273078" + }, + { + "name": "20020517 Xerox DocuTech problems", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/273029" + }, + { + "name": "4766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4766" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1867.json b/2002/1xxx/CVE-2002-1867.json index 2f35b5c76d5..ca0599d3770 100644 --- a/2002/1xxx/CVE-2002-1867.json +++ b/2002/1xxx/CVE-2002-1867.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020609 [LoWNOISE] ImageFolio Pro 2.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102373053829427&w=2" - }, - { - "name" : "4975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4975" - }, - { - "name" : "imagefolio-setup-cgi-access(9308)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9308.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of BizDesign ImageFolio 2.23 through 2.26 does not control access to (1) admin/setup.cgi, which allows remote attackers to create an administrative account, or (2) admin/nph-build.cgi, which allows remote attackers to cause a denial of service (CPU consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imagefolio-setup-cgi-access(9308)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9308.php" + }, + { + "name": "4975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4975" + }, + { + "name": "20020609 [LoWNOISE] ImageFolio Pro 2.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102373053829427&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0305.json b/2003/0xxx/CVE-2003-0305.json index e14b647b608..393da9f9601 100644 --- a/2003/0xxx/CVE-2003-0305.json +++ b/2003/0xxx/CVE-2003-0305.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5608", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5608", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5608" + }, + { + "name": "20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0681.json b/2003/0xxx/CVE-2003-0681.json index 22438455439..688d2650361 100644 --- a/2003/0xxx/CVE-2003-0681.json +++ b/2003/0xxx/CVE-2003-0681.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sendmail.org/8.12.10.html", - "refsource" : "CONFIRM", - "url" : "http://www.sendmail.org/8.12.10.html" - }, - { - "name" : "CLA-2003:742", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742" - }, - { - "name" : "MDKSA-2003:092", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092" - }, - { - "name" : "DSA-384", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-384" - }, - { - "name" : "RHSA-2003:283", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-283.html" - }, - { - "name" : "20030917 GLSA: sendmail (200309-13)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106383437615742&w=2" - }, - { - "name" : "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106398718909274&w=2" - }, - { - "name" : "VU#108964", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/108964" - }, - { - "name" : "8649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8649" - }, - { - "name" : "oval:org.mitre.oval:def:595", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595" - }, - { - "name" : "oval:org.mitre.oval:def:3606", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606" - }, - { - "name" : "sendmail-ruleset-parsing-bo(13216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106398718909274&w=2" + }, + { + "name": "http://www.sendmail.org/8.12.10.html", + "refsource": "CONFIRM", + "url": "http://www.sendmail.org/8.12.10.html" + }, + { + "name": "RHSA-2003:283", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-283.html" + }, + { + "name": "oval:org.mitre.oval:def:595", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595" + }, + { + "name": "MDKSA-2003:092", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092" + }, + { + "name": "oval:org.mitre.oval:def:3606", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606" + }, + { + "name": "VU#108964", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/108964" + }, + { + "name": "DSA-384", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-384" + }, + { + "name": "sendmail-ruleset-parsing-bo(13216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216" + }, + { + "name": "20030917 GLSA: sendmail (200309-13)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106383437615742&w=2" + }, + { + "name": "8649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8649" + }, + { + "name": "CLA-2003:742", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0720.json b/2003/0xxx/CVE-2003-0720.json index 65016decd29..56002b238ce 100644 --- a/2003/0xxx/CVE-2003-0720.json +++ b/2003/0xxx/CVE-2003-0720.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106322571805153&w=2" - }, - { - "name" : "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html" - }, - { - "name" : "http://www.idefense.com/advisory/09.10.03.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/09.10.03.txt" - }, - { - "name" : "RHSA-2003:273", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-273.html" - }, - { - "name" : "RHSA-2003:274", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-274.html" - }, - { - "name" : "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106329356702508&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:499", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:274", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-274.html" + }, + { + "name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html" + }, + { + "name": "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106329356702508&w=2" + }, + { + "name": "RHSA-2003:273", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-273.html" + }, + { + "name": "oval:org.mitre.oval:def:499", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499" + }, + { + "name": "http://www.idefense.com/advisory/09.10.03.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/09.10.03.txt" + }, + { + "name": "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106322571805153&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0886.json b/2003/0xxx/CVE-2003-0886.json index df6c193916d..cf9b1717aeb 100644 --- a/2003/0xxx/CVE-2003-0886.json +++ b/2003/0xxx/CVE-2003-0886.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SuSE-SA:2003:045", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_045_hylafax.html" - }, - { - "name" : "MDKSA-2003:105", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:105" - }, - { - "name" : "CLA-2003:783", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783" - }, - { - "name" : "DSA-401", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-401" - }, - { - "name" : "20031111 HylaFAX - Format String Vulnerability Fixed", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106858898708752&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-401", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-401" + }, + { + "name": "CLA-2003:783", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783" + }, + { + "name": "20031111 HylaFAX - Format String Vulnerability Fixed", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106858898708752&w=2" + }, + { + "name": "SuSE-SA:2003:045", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_045_hylafax.html" + }, + { + "name": "MDKSA-2003:105", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:105" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1272.json b/2003/1xxx/CVE-2003-1272.json index 4a102954b27..53f05bb6679 100644 --- a/2003/1xxx/CVE-2003-1272.json +++ b/2003/1xxx/CVE-2003-1272.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030104 WinAmp v.3.0: buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html" - }, - { - "name" : "winamp-b4s-playlistname-bo(10980)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10980.php" - }, - { - "name" : "winamp-b4s-path-bo(10981)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981" - }, - { - "name" : "6515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6515" - }, - { - "name" : "6516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030104 WinAmp v.3.0: buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html" + }, + { + "name": "6515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6515" + }, + { + "name": "winamp-b4s-playlistname-bo(10980)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10980.php" + }, + { + "name": "winamp-b4s-path-bo(10981)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981" + }, + { + "name": "6516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6516" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2308.json b/2004/2xxx/CVE-2004-2308.json index 1a3d42fc63a..ff13b616b9f 100644 --- a/2004/2xxx/CVE-2004-2308.json +++ b/2004/2xxx/CVE-2004-2308.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040312 Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/357231" - }, - { - "name" : "9853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9853" - }, - { - "name" : "cpanel-dir-xss(15485)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040312 Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/357231" + }, + { + "name": "9853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9853" + }, + { + "name": "cpanel-dir-xss(15485)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15485" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0185.json b/2012/0xxx/CVE-2012-0185.json index 578aa2ffa61..3b0065fe84b 100644 --- a/2012/0xxx/CVE-2012-0185.json +++ b/2012/0xxx/CVE-2012-0185.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka \"Excel MergeCells Record Heap Overflow Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-030", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030" - }, - { - "name" : "TA12-129A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14738", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738" - }, - { - "name" : "1027041", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027041" - }, - { - "name" : "49112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49112" - }, - { - "name" : "ms-excel-mergecells-bo(75118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka \"Excel MergeCells Record Heap Overflow Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027041", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027041" + }, + { + "name": "oval:org.mitre.oval:def:14738", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14738" + }, + { + "name": "ms-excel-mergecells-bo(75118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75118" + }, + { + "name": "MS12-030", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030" + }, + { + "name": "49112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49112" + }, + { + "name": "TA12-129A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0203.json b/2012/0xxx/CVE-2012-0203.json index 185ce2e62bc..56beb581722 100644 --- a/2012/0xxx/CVE-2012-0203.json +++ b/2012/0xxx/CVE-2012-0203.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501" - }, - { - "name" : "infosphere-mw-xss(73254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "infosphere-mw-xss(73254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73254" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0268.json b/2012/0xxx/CVE-2012-0268.json index 3853edd5a05..d36ea9e6dc2 100644 --- a/2012/0xxx/CVE-2012-0268.json +++ b/2012/0xxx/CVE-2012-0268.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-0268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "47041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47041" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0728.json b/2012/0xxx/CVE-2012-0728.json index 716228e3b2c..910231c1ddb 100644 --- a/2012/0xxx/CVE-2012-0728.json +++ b/2012/0xxx/CVE-2012-0728.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" - }, - { - "name" : "IV17964", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" - }, - { - "name" : "50551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50551" - }, - { - "name" : "ibm-maximo-sql-injection-iv17964(74307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-maximo-sql-injection-iv17964(74307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74307" + }, + { + "name": "IV17964", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV17964" + }, + { + "name": "50551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50551" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0926.json b/2012/0xxx/CVE-2012-0926.json index d37b1eff7e6..2121034f7fa 100644 --- a/2012/0xxx/CVE-2012-0926.json +++ b/2012/0xxx/CVE-2012-0926.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/02062012_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/02062012_player/en/" - }, - { - "name" : "47896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47896" + }, + { + "name": "http://service.real.com/realplayer/security/02062012_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/02062012_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0965.json b/2012/0xxx/CVE-2012-0965.json index ae7fa040bea..ab9c7801843 100644 --- a/2012/0xxx/CVE-2012-0965.json +++ b/2012/0xxx/CVE-2012-0965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0965", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-0965", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1154.json b/2012/1xxx/CVE-2012-1154.json index a9ef900175d..1784432d223 100644 --- a/2012/1xxx/CVE-2012-1154.json +++ b/2012/1xxx/CVE-2012-1154.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when \"ROOT\" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=802200", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=802200" - }, - { - "name" : "https://community.jboss.org/message/624018", - "refsource" : "CONFIRM", - "url" : "https://community.jboss.org/message/624018" - }, - { - "name" : "https://issues.jboss.org/browse/MODCLUSTER-253", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/MODCLUSTER-253" - }, - { - "name" : "RHSA-2012:1010", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1010.html" - }, - { - "name" : "RHSA-2012:1011", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1011.html" - }, - { - "name" : "RHSA-2012:1012", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1012.html" - }, - { - "name" : "RHSA-2012:1052", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1052.html" - }, - { - "name" : "RHSA-2012:1053", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1053.html" - }, - { - "name" : "RHSA-2012:1166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1166.html" - }, - { - "name" : "49636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when \"ROOT\" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1012", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1012.html" + }, + { + "name": "RHSA-2012:1166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1166.html" + }, + { + "name": "RHSA-2012:1052", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1052.html" + }, + { + "name": "RHSA-2012:1053", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1053.html" + }, + { + "name": "https://issues.jboss.org/browse/MODCLUSTER-253", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/MODCLUSTER-253" + }, + { + "name": "49636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49636" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=802200", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=802200" + }, + { + "name": "RHSA-2012:1010", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1010.html" + }, + { + "name": "RHSA-2012:1011", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1011.html" + }, + { + "name": "https://community.jboss.org/message/624018", + "refsource": "CONFIRM", + "url": "https://community.jboss.org/message/624018" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1265.json b/2012/1xxx/CVE-2012-1265.json index 2e17a4a8fe7..00520cbdfeb 100644 --- a/2012/1xxx/CVE-2012-1265.json +++ b/2012/1xxx/CVE-2012-1265.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1265", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1265", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1563.json b/2012/1xxx/CVE-2012-1563.json index 482c0cb8d8f..978993543d9 100644 --- a/2012/1xxx/CVE-2012-1563.json +++ b/2012/1xxx/CVE-2012-1563.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1563", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1563", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1828.json b/2012/1xxx/CVE-2012-1828.json index da303fff68c..7c648942138 100644 --- a/2012/1xxx/CVE-2012-1828.json +++ b/2012/1xxx/CVE-2012-1828.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8RQL83", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8RQL83" - }, - { - "name" : "VU#773035", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/773035" - }, - { - "name" : "53716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53716" - }, - { - "name" : "49335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8RQL83", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8RQL83" + }, + { + "name": "VU#773035", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/773035" + }, + { + "name": "53716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53716" + }, + { + "name": "49335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49335" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1921.json b/2012/1xxx/CVE-2012-1921.json index 47a68943e5b..dd9c2852b3a 100644 --- a/2012/1xxx/CVE-2012-1921.json +++ b/2012/1xxx/CVE-2012-1921.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html", - "refsource" : "MISC", - "url" : "http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html" - }, - { - "name" : "http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html", + "refsource": "MISC", + "url": "http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html" + }, + { + "name": "http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4218.json b/2012/4xxx/CVE-2012-4218.json index 06d6da4b2e0..fed7bc2f5b8 100644 --- a/2012/4xxx/CVE-2012-4218.json +++ b/2012/4xxx/CVE-2012-4218.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=767765", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=767765" - }, - { - "name" : "openSUSE-SU-2012:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" - }, - { - "name" : "openSUSE-SU-2012:1585", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" - }, - { - "name" : "openSUSE-SU-2012:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" - }, - { - "name" : "SUSE-SU-2012:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:0175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" - }, - { - "name" : "USN-1638-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-1" - }, - { - "name" : "USN-1638-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-3" - }, - { - "name" : "USN-1638-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-2" - }, - { - "name" : "USN-1636-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1636-1" - }, - { - "name" : "56640", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56640" - }, - { - "name" : "oval:org.mitre.oval:def:16885", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16885" - }, - { - "name" : "51369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51369" - }, - { - "name" : "51381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51381" - }, - { - "name" : "51434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51434" - }, - { - "name" : "51439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51439" - }, - { - "name" : "51440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51440" - }, - { - "name" : "51370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1638-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-3" + }, + { + "name": "51370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51370" + }, + { + "name": "56640", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56640" + }, + { + "name": "USN-1638-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-2" + }, + { + "name": "openSUSE-SU-2012:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" + }, + { + "name": "USN-1636-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1636-1" + }, + { + "name": "openSUSE-SU-2013:0175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=767765", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=767765" + }, + { + "name": "51434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51434" + }, + { + "name": "openSUSE-SU-2012:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" + }, + { + "name": "51439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51439" + }, + { + "name": "oval:org.mitre.oval:def:16885", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16885" + }, + { + "name": "51440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51440" + }, + { + "name": "USN-1638-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-1" + }, + { + "name": "SUSE-SU-2012:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" + }, + { + "name": "openSUSE-SU-2012:1585", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" + }, + { + "name": "51381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51381" + }, + { + "name": "51369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51369" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5323.json b/2012/5xxx/CVE-2012-5323.json index a83765d8751..514447efd7f 100644 --- a/2012/5xxx/CVE-2012-5323.json +++ b/2012/5xxx/CVE-2012-5323.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/109987/Xavi-7968-ADSL-Router-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109987/Xavi-7968-ADSL-Router-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "52098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52098" - }, - { - "name" : "48050", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48050" - }, - { - "name" : "xavi-unspec-csrf(73354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in webconfig/admin_passwd/passwd.html/admin_passwd in Xavi X7968 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysUserName, sysPassword, and sysCfmPwd parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52098" + }, + { + "name": "http://packetstormsecurity.org/files/109987/Xavi-7968-ADSL-Router-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109987/Xavi-7968-ADSL-Router-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + }, + { + "name": "xavi-unspec-csrf(73354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73354" + }, + { + "name": "48050", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48050" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5772.json b/2012/5xxx/CVE-2012-5772.json index 444dccdc8b7..139554153da 100644 --- a/2012/5xxx/CVE-2012-5772.json +++ b/2012/5xxx/CVE-2012-5772.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5772", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5772", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5979.json b/2012/5xxx/CVE-2012-5979.json index ca8d620eaec..31a5d8da5fd 100644 --- a/2012/5xxx/CVE-2012-5979.json +++ b/2012/5xxx/CVE-2012-5979.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5979", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5079. Reason: This candidate is a duplicate of CVE-2012-5079. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5079 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5979", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5079. Reason: This candidate is a duplicate of CVE-2012-5079. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5079 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2510.json b/2017/2xxx/CVE-2017-2510.json index 9200342c9d2..adec2bb3b48 100644 --- a/2017/2xxx/CVE-2017-2510.json +++ b/2017/2xxx/CVE-2017-2510.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42067", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42067/" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98474" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with pageshow events." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "98474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98474" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "42067", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42067/" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2531.json b/2017/2xxx/CVE-2017-2531.json index 39ed7da42f0..9f005b4be11 100644 --- a/2017/2xxx/CVE-2017-2531.json +++ b/2017/2xxx/CVE-2017-2531.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42104", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42104/" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98473" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "42104", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42104/" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + }, + { + "name": "98473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98473" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2892.json b/2017/2xxx/CVE-2017-2892.json index 795fbafbe57..f813c63f8cf 100644 --- a/2017/2xxx/CVE-2017-2892.json +++ b/2017/2xxx/CVE-2017-2892.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mongoose", - "version" : { - "version_data" : [ - { - "version_value" : "6.8" - } - ] - } - } - ] - }, - "vendor_name" : "Cesanta" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mongoose", + "version": { + "version_data": [ + { + "version_value": "6.8" + } + ] + } + } + ] + }, + "vendor_name": "Cesanta" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3412.json b/2017/3xxx/CVE-2017-3412.json index 0ba30c80e04..2841ae00ae7 100644 --- a/2017/3xxx/CVE-2017-3412.json +++ b/2017/3xxx/CVE-2017-3412.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3584.json b/2017/3xxx/CVE-2017-3584.json index 923f7f3dedc..46293c3d045 100644 --- a/2017/3xxx/CVE-2017-3584.json +++ b/2017/3xxx/CVE-2017-3584.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sun ZFS Storage Appliance Kit (AK) Software", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "AK 2013" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "AK 2013" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97781" - }, - { - "name" : "1038292", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038292", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038292" + }, + { + "name": "97781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97781" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6063.json b/2017/6xxx/CVE-2017-6063.json index e024852fe74..a73cd27851a 100644 --- a/2017/6xxx/CVE-2017-6063.json +++ b/2017/6xxx/CVE-2017-6063.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6063", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6063", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6377.json b/2017/6xxx/CVE-2017-6377.json index 7ade4195ae8..d9cd2a29f5b 100644 --- a/2017/6xxx/CVE-2017-6377.json +++ b/2017/6xxx/CVE-2017-6377.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@drupal.org", - "ID" : "CVE-2017-6377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Drupal Core", - "version" : { - "version_data" : [ - { - "version_value" : "8.2.x versions before 8.2.7" - } - ] - } - } - ] - }, - "vendor_name" : "Drupal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Access Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@drupal.org", + "ID": "CVE-2017-6377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drupal Core", + "version": { + "version_data": [ + { + "version_value": "8.2.x versions before 8.2.7" + } + ] + } + } + ] + }, + "vendor_name": "Drupal" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/SA-2017-001", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-2017-001" - }, - { - "name" : "96919", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96919" - }, - { - "name" : "1038058", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038058", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038058" + }, + { + "name": "https://www.drupal.org/SA-2017-001", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-2017-001" + }, + { + "name": "96919", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96919" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6821.json b/2017/6xxx/CVE-2017-6821.json index 6b71f5ad0b8..4b4372f3f3d 100644 --- a/2017/6xxx/CVE-2017-6821.json +++ b/2017/6xxx/CVE-2017-6821.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wiki.zimbra.com/wiki/Security_Center", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Security_Center" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6", - "refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6" - }, - { - "name" : "98090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Security_Center" + }, + { + "name": "98090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98090" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6886.json b/2017/6xxx/CVE-2017-6886.json index 302c81e2409..68a799081e3 100644 --- a/2017/6xxx/CVE-2017-6886.json +++ b/2017/6xxx/CVE-2017-6886.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2017-6886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw", - "version" : { - "version_data" : [ - { - "version_value" : "0.x prior to 0.18.2" - } - ] - } - } - ] - }, - "vendor_name" : "LibRaw" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error within the \"parse_tiff_ifd()\" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2017-6886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "0.x prior to 0.18.2" + } + ] + } + } + ] + }, + "vendor_name": "LibRaw" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/advisories/75737/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/75737/" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-5/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-5/" - }, - { - "name" : "https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251", - "refsource" : "CONFIRM", - "url" : "https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251" - }, - { - "name" : "DSA-3950", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3950" - }, - { - "name" : "98605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error within the \"parse_tiff_ifd()\" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251", + "refsource": "CONFIRM", + "url": "https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-5/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-5/" + }, + { + "name": "98605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98605" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/advisories/75737/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/75737/" + }, + { + "name": "DSA-3950", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3950" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7088.json b/2017/7xxx/CVE-2017-7088.json index 37a5796484b..2962a6f6478 100644 --- a/2017/7xxx/CVE-2017-7088.json +++ b/2017/7xxx/CVE-2017-7088.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Exchange ActiveSync\" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "100892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100892" - }, - { - "name" : "1039385", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Exchange ActiveSync\" component. It allows remote attackers to erase a device in opportunistic circumstances by hijacking a cleartext AutoDiscover V1 session during the setup of an Exchange account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100892" + }, + { + "name": "1039385", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039385" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7153.json b/2017/7xxx/CVE-2017-7153.json index b5ae54ac8ca..7aaa557229a 100644 --- a/2017/7xxx/CVE-2017-7153.json +++ b/2017/7xxx/CVE-2017-7153.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208324", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208324" - }, - { - "name" : "https://support.apple.com/HT208325", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208325" - }, - { - "name" : "https://support.apple.com/HT208326", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208326" - }, - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208328", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208328" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - }, - { - "name" : "USN-3551-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3551-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "https://support.apple.com/HT208325", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208325" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + }, + { + "name": "https://support.apple.com/HT208324", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208324" + }, + { + "name": "https://support.apple.com/HT208326", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208326" + }, + { + "name": "USN-3551-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3551-1/" + }, + { + "name": "https://support.apple.com/HT208328", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208328" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7199.json b/2017/7xxx/CVE-2017-7199.json index cd09c0a823e..32a5dc452f0 100644 --- a/2017/7xxx/CVE-2017-7199.json +++ b/2017/7xxx/CVE-2017-7199.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://aspe1337.blogspot.nl/2017/04/writeup-of-cve-2017-7199.html", - "refsource" : "MISC", - "url" : "https://aspe1337.blogspot.nl/2017/04/writeup-of-cve-2017-7199.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-08", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-08" - }, - { - "name" : "97110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97110" - }, - { - "name" : "1038124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions that may allow a local attacker to escalate privileges when the software is running in Agent Mode. Version 6.10.4 fixes this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97110" + }, + { + "name": "https://www.tenable.com/security/tns-2017-08", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-08" + }, + { + "name": "https://aspe1337.blogspot.nl/2017/04/writeup-of-cve-2017-7199.html", + "refsource": "MISC", + "url": "https://aspe1337.blogspot.nl/2017/04/writeup-of-cve-2017-7199.html" + }, + { + "name": "1038124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038124" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7242.json b/2017/7xxx/CVE-2017-7242.json index 603419d75b7..675a2e210d4 100644 --- a/2017/7xxx/CVE-2017-7242.json +++ b/2017/7xxx/CVE-2017-7242.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.daimacn.com/post/10.html", - "refsource" : "MISC", - "url" : "http://www.daimacn.com/post/10.html" - }, - { - "name" : "97062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97062" + }, + { + "name": "http://www.daimacn.com/post/10.html", + "refsource": "MISC", + "url": "http://www.daimacn.com/post/10.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7416.json b/2017/7xxx/CVE-2017-7416.json index 48a9f2a7120..6bbf6b3a4d0 100644 --- a/2017/7xxx/CVE-2017-7416.json +++ b/2017/7xxx/CVE-2017-7416.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7758.json b/2017/7xxx/CVE-2017-7758.json index e79ea32746f..200a93f5e4c 100644 --- a/2017/7xxx/CVE-2017-7758.json +++ b/2017/7xxx/CVE-2017-7758.json @@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read in Opus encoder" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368490", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368490" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/" - }, - { - "name" : "DSA-3881", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3881" - }, - { - "name" : "DSA-3918", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3918" - }, - { - "name" : "RHSA-2017:1440", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1440" - }, - { - "name" : "RHSA-2017:1561", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1561" - }, - { - "name" : "99057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99057" - }, - { - "name" : "1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read in Opus encoder" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99057" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "DSA-3918", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3918" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "DSA-3881", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3881" + }, + { + "name": "RHSA-2017:1440", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1440" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368490", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368490" + }, + { + "name": "RHSA-2017:1561", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1561" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7982.json b/2017/7xxx/CVE-2017-7982.json index 20c35db4740..1fbc408ab82 100644 --- a/2017/7xxx/CVE-2017-7982.json +++ b/2017/7xxx/CVE-2017-7982.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libimobiledevice/libplist/issues/103", - "refsource" : "CONFIRM", - "url" : "https://github.com/libimobiledevice/libplist/issues/103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libimobiledevice/libplist/issues/103", + "refsource": "CONFIRM", + "url": "https://github.com/libimobiledevice/libplist/issues/103" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10050.json b/2018/10xxx/CVE-2018-10050.json index 628481c43fa..9927f468142 100644 --- a/2018/10xxx/CVE-2018-10050.json +++ b/2018/10xxx/CVE-2018-10050.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iScripts eSwap v2.4 has SQL injection via the \"registration_settings.php\" ddlFree parameter in the Admin Panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pastebin.com/UDEsFq3u", - "refsource" : "MISC", - "url" : "https://pastebin.com/UDEsFq3u" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iScripts eSwap v2.4 has SQL injection via the \"registration_settings.php\" ddlFree parameter in the Admin Panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/UDEsFq3u", + "refsource": "MISC", + "url": "https://pastebin.com/UDEsFq3u" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10406.json b/2018/10xxx/CVE-2018-10406.json index 700267e78ae..03d6aaee946 100644 --- a/2018/10xxx/CVE-2018-10406.json +++ b/2018/10xxx/CVE-2018-10406.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/", - "refsource" : "MISC", - "url" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/", + "refsource": "MISC", + "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10466.json b/2018/10xxx/CVE-2018-10466.json index a365c72b6c2..4a8bb319f18 100644 --- a/2018/10xxx/CVE-2018-10466.json +++ b/2018/10xxx/CVE-2018-10466.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466", - "refsource" : "MISC", - "url" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466" - }, - { - "name" : "https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/active-directory-audit/adaudit-plus-release-notes.html" + }, + { + "name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466", + "refsource": "MISC", + "url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10466" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14155.json b/2018/14xxx/CVE-2018-14155.json index 75f1057c6f6..1634c742dca 100644 --- a/2018/14xxx/CVE-2018-14155.json +++ b/2018/14xxx/CVE-2018-14155.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14155", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14155", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14811.json b/2018/14xxx/CVE-2018-14811.json index 9c339cca737..b2a6069ecdb 100644 --- a/2018/14xxx/CVE-2018-14811.json +++ b/2018/14xxx/CVE-2018-14811.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-14811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "V-Server", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.3.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Fuji Electric" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNTRUSTED POINTER DEREFERENCE CWE-822" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-14811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "V-Server", + "version": { + "version_data": [ + { + "version_value": "4.0.3.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Electric" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01" - }, - { - "name" : "105341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNTRUSTED POINTER DEREFERENCE CWE-822" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01" + }, + { + "name": "105341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105341" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17106.json b/2018/17xxx/CVE-2018-17106.json index a632b57afdc..6d474176b0f 100644 --- a/2018/17xxx/CVE-2018-17106.json +++ b/2018/17xxx/CVE-2018-17106.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/vbirds/Tinyftp/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/vbirds/Tinyftp/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/vbirds/Tinyftp/issues/4", + "refsource": "MISC", + "url": "https://github.com/vbirds/Tinyftp/issues/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17408.json b/2018/17xxx/CVE-2018-17408.json index aa2449ba0ca..0aa5d73bab6 100644 --- a/2018/17xxx/CVE-2018-17408.json +++ b/2018/17xxx/CVE-2018-17408.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45505", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45505/" - }, - { - "name" : "45560", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45560/" - }, - { - "name" : "https://blog.spentera.id/zahir-accounting-enterprise-plus-6/", - "refsource" : "MISC", - "url" : "https://blog.spentera.id/zahir-accounting-enterprise-plus-6/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.spentera.id/zahir-accounting-enterprise-plus-6/", + "refsource": "MISC", + "url": "https://blog.spentera.id/zahir-accounting-enterprise-plus-6/" + }, + { + "name": "45560", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45560/" + }, + { + "name": "45505", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45505/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17715.json b/2018/17xxx/CVE-2018-17715.json index e3ce7c2f95b..27f8011644a 100644 --- a/2018/17xxx/CVE-2018-17715.json +++ b/2018/17xxx/CVE-2018-17715.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17715", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17715", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20187.json b/2018/20xxx/CVE-2018-20187.json index 8ecf0ccda19..92333b0c6f6 100644 --- a/2018/20xxx/CVE-2018-20187.json +++ b/2018/20xxx/CVE-2018-20187.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://botan.randombit.net/news.html", - "refsource" : "MISC", - "url" : "https://botan.randombit.net/news.html" - }, - { - "name" : "https://botan.randombit.net/security.html", - "refsource" : "MISC", - "url" : "https://botan.randombit.net/security.html" - }, - { - "name" : "https://github.com/crocs-muni/ECTester", - "refsource" : "MISC", - "url" : "https://github.com/crocs-muni/ECTester" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/crocs-muni/ECTester", + "refsource": "MISC", + "url": "https://github.com/crocs-muni/ECTester" + }, + { + "name": "https://botan.randombit.net/news.html", + "refsource": "MISC", + "url": "https://botan.randombit.net/news.html" + }, + { + "name": "https://botan.randombit.net/security.html", + "refsource": "MISC", + "url": "https://botan.randombit.net/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20212.json b/2018/20xxx/CVE-2018-20212.json index dc56e2689a3..78834dfbdff 100644 --- a/2018/20xxx/CVE-2018-20212.json +++ b/2018/20xxx/CVE-2018-20212.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20212", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20212", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20494.json b/2018/20xxx/CVE-2018-20494.json index e90826ad4d1..819c4b05db3 100644 --- a/2018/20xxx/CVE-2018-20494.json +++ b/2018/20xxx/CVE-2018-20494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20494", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20494", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9223.json b/2018/9xxx/CVE-2018-9223.json index cc1b837f1b1..ffc5b5e4e98 100644 --- a/2018/9xxx/CVE-2018-9223.json +++ b/2018/9xxx/CVE-2018-9223.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9223", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9223", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9473.json b/2018/9xxx/CVE-2018-9473.json index e7b4e982bbe..d0ec5dcd446 100644 --- a/2018/9xxx/CVE-2018-9473.json +++ b/2018/9xxx/CVE-2018-9473.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-9473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-9473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862", - "refsource" : "MISC", - "url" : "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-10-01,", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-10-01," - }, - { - "name" : "105481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-10-01,", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-10-01," + }, + { + "name": "105481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105481" + }, + { + "name": "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862", + "refsource": "MISC", + "url": "https://android.googlesource.com/platform/external/libhevc/+/9f0fb67540d2259e4930d9bd5f1a1a6fb95af862" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9619.json b/2018/9xxx/CVE-2018-9619.json index ede4f2731f2..e49ac59f5d0 100644 --- a/2018/9xxx/CVE-2018-9619.json +++ b/2018/9xxx/CVE-2018-9619.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9619", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9619", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9709.json b/2018/9xxx/CVE-2018-9709.json index 8290d41fdd4..213bdbd6438 100644 --- a/2018/9xxx/CVE-2018-9709.json +++ b/2018/9xxx/CVE-2018-9709.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9942.json b/2018/9xxx/CVE-2018-9942.json index 441ea4fc940..72a50e1ab49 100644 --- a/2018/9xxx/CVE-2018-9942.json +++ b/2018/9xxx/CVE-2018-9942.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-704-Incorrect Type Conversion or Cast" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-326", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-326" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the record remove method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5376." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-704-Incorrect Type Conversion or Cast" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-326", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-326" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file