From 1b433b86cb0c61c04597ae1543b27fafbbe72640 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 17 Mar 2019 21:43:54 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/0xxx/CVE-2002-0062.json | 150 +++++++++---------
 2002/0xxx/CVE-2002-0499.json | 160 +++++++++----------
 2002/0xxx/CVE-2002-0603.json | 160 +++++++++----------
 2002/0xxx/CVE-2002-0631.json | 140 ++++++++---------
 2002/1xxx/CVE-2002-1070.json | 140 ++++++++---------
 2002/1xxx/CVE-2002-1189.json | 140 ++++++++---------
 2002/1xxx/CVE-2002-1290.json | 150 +++++++++---------
 2002/1xxx/CVE-2002-1417.json | 150 +++++++++---------
 2002/1xxx/CVE-2002-1767.json | 140 ++++++++---------
 2002/1xxx/CVE-2002-1978.json | 160 +++++++++----------
 2002/2xxx/CVE-2002-2137.json | 140 ++++++++---------
 2002/2xxx/CVE-2002-2178.json | 140 ++++++++---------
 2003/0xxx/CVE-2003-0066.json | 190 +++++++++++------------
 2003/0xxx/CVE-2003-0711.json | 220 +++++++++++++--------------
 2003/0xxx/CVE-2003-0734.json | 120 +++++++--------
 2003/0xxx/CVE-2003-0832.json | 120 +++++++--------
 2012/0xxx/CVE-2012-0271.json | 150 +++++++++---------
 2012/0xxx/CVE-2012-0342.json | 34 ++---
 2012/0xxx/CVE-2012-0393.json | 170 ++++++++++-----------
 2012/0xxx/CVE-2012-0759.json | 120 +++++++--------
 2012/1xxx/CVE-2012-1157.json | 34 ++---
 2012/1xxx/CVE-2012-1162.json | 170 ++++++++++-----------
 2012/1xxx/CVE-2012-1192.json | 120 +++++++--------
 2012/1xxx/CVE-2012-1326.json | 34 ++---
 2012/3xxx/CVE-2012-3060.json | 130 ++++++++--------
 2012/3xxx/CVE-2012-3118.json | 180 +++++++++++----------
 2012/3xxx/CVE-2012-3273.json | 140 ++++++++---------
 2012/4xxx/CVE-2012-4059.json | 140 ++++++++---------
 2012/4xxx/CVE-2012-4329.json | 180 +++++++++++----------
 2012/4xxx/CVE-2012-4467.json | 160 +++++++++----------
 2012/4xxx/CVE-2012-4729.json | 150 +++++++++---------
 2012/4xxx/CVE-2012-4897.json | 160 +++++++++----------
 2012/4xxx/CVE-2012-4925.json | 170 ++++++++++-----------
 2017/2xxx/CVE-2017-2150.json | 130 ++++++++--------
 2017/2xxx/CVE-2017-2231.json | 160 +++++++++----------
 2017/2xxx/CVE-2017-2665.json | 150 +++++++++---------
 2017/6xxx/CVE-2017-6810.json | 130 ++++++++--------
 2017/6xxx/CVE-2017-6919.json | 140 ++++++++---------
 2017/7xxx/CVE-2017-7541.json | 270 ++++++++++++++++-----------------
 2017/7xxx/CVE-2017-7568.json | 132 ++++++++--------
 2017/7xxx/CVE-2017-7772.json | 34 ++---
 2017/7xxx/CVE-2017-7962.json | 150 +++++++++---------
 2018/10xxx/CVE-2018-10099.json | 140 ++++++++---------
 2018/10xxx/CVE-2018-10637.json | 132 ++++++++--------
 2018/10xxx/CVE-2018-10642.json | 130 ++++++++--------
 2018/14xxx/CVE-2018-14630.json | 208 ++++++++++++-------------
 2018/14xxx/CVE-2018-14749.json | 120 +++++++--------
 2018/14xxx/CVE-2018-14752.json | 34 ++---
 2018/14xxx/CVE-2018-14998.json | 130 ++++++++--------
 2018/15xxx/CVE-2018-15207.json | 34 ++---
 2018/15xxx/CVE-2018-15273.json | 34 ++---
 2018/20xxx/CVE-2018-20291.json | 34 ++---
 2018/20xxx/CVE-2018-20516.json | 34 ++---
 2018/9xxx/CVE-2018-9116.json | 120 +++++++--------
 2018/9xxx/CVE-2018-9152.json | 34 ++---
 2018/9xxx/CVE-2018-9297.json | 34 ++---
 2018/9xxx/CVE-2018-9496.json | 142 ++++++++---------
 2018/9xxx/CVE-2018-9713.json | 34 ++---
 58 files changed, 3676 insertions(+), 3676 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0062.json b/2002/0xxx/CVE-2002-0062.json
index f17d1804bbf..ff7b5148ee1 100644
--- a/2002/0xxx/CVE-2002-0062.json
+++ b/2002/0xxx/CVE-2002-0062.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0062",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to \"routines for moving the physical cursor and scrolling.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0062",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "RHSA-2002:020",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2002-020.html"
- },
- {
- "name" : "DSA-113",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2002/dsa-113"
- },
- {
- "name" : "2116",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/2116"
- },
- {
- "name" : "gnu-ncurses-window-bo(8222)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8222.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to \"routines for moving the physical cursor and scrolling.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "2116",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/2116"
+ },
+ {
+ "name": "DSA-113",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2002/dsa-113"
+ },
+ {
+ "name": "RHSA-2002:020",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2002-020.html"
+ },
+ {
+ "name": "gnu-ncurses-window-bo(8222)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8222.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0499.json b/2002/0xxx/CVE-2002-0499.json
index 03f6508e078..82ba4995a70 100644
--- a/2002/0xxx/CVE-2002-0499.json
+++ b/2002/0xxx/CVE-2002-0499.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0499",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0499",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020326 d_path() truncating excessive long path name vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/264117"
- },
- {
- "name" : "http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html",
- "refsource" : "MISC",
- "url" : "http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html"
- },
- {
- "name" : "4367",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4367"
- },
- {
- "name" : "linux-dpath-truncate-path(8634)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8634.php"
- },
- {
- "name" : "20020326 [VulnWatch] d_path() truncating excessive long path name vulnerability",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020326 [VulnWatch] d_path() truncating excessive long path name vulnerability",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html"
+ },
+ {
+ "name": "linux-dpath-truncate-path(8634)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8634.php"
+ },
+ {
+ "name": "4367",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4367"
+ },
+ {
+ "name": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html",
+ "refsource": "MISC",
+ "url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html"
+ },
+ {
+ "name": "20020326 d_path() truncating excessive long path name vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/264117"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0603.json b/2002/0xxx/CVE-2002-0603.json
index bd422c5a6f4..0bb5dad66d2 100644
--- a/2002/0xxx/CVE-2002-0603.json
+++ b/2002/0xxx/CVE-2002-0603.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0603",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0603",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=102035583114759&w=2"
- },
- {
- "name" : "20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html"
- },
- {
- "name" : "http://www.snapgear.com/releases.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.snapgear.com/releases.html"
- },
- {
- "name" : "snapgear-vpn-ipsec-dos(8987)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8987.php"
- },
- {
- "name" : "4659",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4659"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denial of service (IPSEC crash) via a zero length packet to UDP port 500."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.snapgear.com/releases.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.snapgear.com/releases.html"
+ },
+ {
+ "name": "snapgear-vpn-ipsec-dos(8987)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8987.php"
+ },
+ {
+ "name": "20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html"
+ },
+ {
+ "name": "20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=102035583114759&w=2"
+ },
+ {
+ "name": "4659",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4659"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0631.json b/2002/0xxx/CVE-2002-0631.json
index db6ebd712e6..c709a442bcf 100644
--- a/2002/0xxx/CVE-2002-0631.json
+++ b/2002/0xxx/CVE-2002-0631.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0631",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0631",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020607-02-I",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I"
- },
- {
- "name" : "5092",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5092"
- },
- {
- "name" : "irix-nveventd-file-write(9418)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9418.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "5092",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5092"
+ },
+ {
+ "name": "irix-nveventd-file-write(9418)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9418.php"
+ },
+ {
+ "name": "20020607-02-I",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1070.json b/2002/1xxx/CVE-2002-1070.json
index e3b2b7cb0bf..d693a1a2f09 100644
--- a/2002/1xxx/CVE-2002-1070.json
+++ b/2002/1xxx/CVE-2002-1070.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1070",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1070",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020716 Wiki module postnuke Cross Site Scripting Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html"
- },
- {
- "name" : "phpwiki-xss(9627)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9627.php"
- },
- {
- "name" : "5254",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5254"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "5254",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5254"
+ },
+ {
+ "name": "phpwiki-xss(9627)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9627.php"
+ },
+ {
+ "name": "20020716 Wiki module postnuke Cross Site Scripting Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1189.json b/2002/1xxx/CVE-2002-1189.json
index c7ea6efd0c2..9b014101b5c 100644
--- a/2002/1xxx/CVE-2002-1189.json
+++ b/2002/1xxx/CVE-2002-1189.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1189",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1189",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021004 Predefined Restriction Tables Allow Calls to International Operator",
- "refsource" : "CISCO",
- "url" : "http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml"
- },
- {
- "name" : "cisco-unity-insecure-configuration(10282)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10282.php"
- },
- {
- "name" : "5896",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5896"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "cisco-unity-insecure-configuration(10282)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10282.php"
+ },
+ {
+ "name": "20021004 Predefined Restriction Tables Allow Calls to International Operator",
+ "refsource": "CISCO",
+ "url": "http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml"
+ },
+ {
+ "name": "5896",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5896"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1290.json b/2002/1xxx/CVE-2002-1290.json
index 70ff821199a..6565a41534f 100644
--- a/2002/1xxx/CVE-2002-1290.json
+++ b/2002/1xxx/CVE-2002-1290.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1290",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1290",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021108 Technical information about unpatched MS Java vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=103682630823080&w=2"
- },
- {
- "name" : "20021108 Technical information about unpatched MS Java vulnerabilities",
- "refsource" : "NTBUGTRAQ",
- "url" : "http://marc.info/?l=ntbugtraq&m=103684360031565&w=2"
- },
- {
- "name" : "6132",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6132"
- },
- {
- "name" : "msvm-inativeservices-clipboard-access(10583)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10583.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "6132",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6132"
+ },
+ {
+ "name": "20021108 Technical information about unpatched MS Java vulnerabilities",
+ "refsource": "NTBUGTRAQ",
+ "url": "http://marc.info/?l=ntbugtraq&m=103684360031565&w=2"
+ },
+ {
+ "name": "msvm-inativeservices-clipboard-access(10583)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10583.php"
+ },
+ {
+ "name": "20021108 Technical information about unpatched MS Java vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=103682630823080&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1417.json b/2002/1xxx/CVE-2002-1417.json
index f7789a74b87..ed8ab687261 100644
--- a/2002/1xxx/CVE-2002-1417.json
+++ b/2002/1xxx/CVE-2002-1417.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1417",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a \"..%5c\" sequence (modified dot-dot), which is mapped to the directory separator."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1417",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html"
- },
- {
- "name" : "http://support.novell.com/servlet/tidfinder/2963297",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/servlet/tidfinder/2963297"
- },
- {
- "name" : "5523",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5523"
- },
- {
- "name" : "novell-netbasic-directory-traversal(9910)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9910.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a \"..%5c\" sequence (modified dot-dot), which is mapped to the directory separator."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html"
+ },
+ {
+ "name": "http://support.novell.com/servlet/tidfinder/2963297",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/servlet/tidfinder/2963297"
+ },
+ {
+ "name": "novell-netbasic-directory-traversal(9910)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9910.php"
+ },
+ {
+ "name": "5523",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5523"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1767.json b/2002/1xxx/CVE-2002-1767.json
index 6c41612ba91..4622044cad4 100644
--- a/2002/1xxx/CVE-2002-1767.json
+++ b/2002/1xxx/CVE-2002-1767.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1767",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1767",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020401 Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr)",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/265452"
- },
- {
- "name" : "4413",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4413"
- },
- {
- "name" : "oracle-tnslsnr-command-line-bo(8772)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8772"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oracle-tnslsnr-command-line-bo(8772)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8772"
+ },
+ {
+ "name": "20020401 Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr)",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/265452"
+ },
+ {
+ "name": "4413",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4413"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1978.json b/2002/1xxx/CVE-2002-1978.json
index bea62f4ebf9..4c024bbc8c8 100644
--- a/2002/1xxx/CVE-2002-1978.json
+++ b/2002/1xxx/CVE-2002-1978.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2002-024", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc" - }, - { - "name" : "VU#328867", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/328867" - }, - { - "name" : "1005442", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005442" - }, - { - "name" : "6010", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6010" - }, - { - "name" : "ip-filter-bypass-firewall(10409)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10409.php" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewall rules by sending a PASV command string as the argument of another command to an FTP server, which generates a response that contains the string, causing IPFilter to treat the response as if it were a legitimate PASV command from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ip-filter-bypass-firewall(10409)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10409.php" + }, + { + "name": "6010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6010" + }, + { + "name": "1005442", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005442" + }, + { + "name": "VU#328867", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/328867" + }, + { + "name": "NetBSD-SA2002-024", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-024.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2137.json b/2002/2xxx/CVE-2002-2137.json index 75d895f20b2..19ba937274f 100644 --- a/2002/2xxx/CVE-2002-2137.json +++ b/2002/2xxx/CVE-2002-2137.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a \"getsearch\" request to UDP port 27155." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021103 Accesspoints disclose wep keys, password and mac filter (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/298432" - }, - { - "name" : "6100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6100" - }, - { - "name" : "ieee80211b-ap-information-disclosure(10536)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10536.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a \"getsearch\" request to UDP port 27155." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6100" + }, + { + "name": "ieee80211b-ap-information-disclosure(10536)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10536.php" + }, + { + "name": "20021103 Accesspoints disclose wep keys, password and mac filter (fwd)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/298432" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2178.json b/2002/2xxx/CVE-2002-2178.json index 164dfb6f372..d00363b0aa2 100644 --- a/2002/2xxx/CVE-2002-2178.json +++ b/2002/2xxx/CVE-2002-2178.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021002 phpWebSite XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/293879" - }, - { - "name" : "5864", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5864" - }, - { - "name" : "phpwebsite-img-article-xss(10256)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10256.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as 
demonstrated using an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5864", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5864" + }, + { + "name": "20021002 phpWebSite XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/293879" + }, + { + "name": "phpwebsite-img-article-xss(10256)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10256.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0066.json b/2003/0xxx/CVE-2003-0066.json index 636e500c222..b143badde90 100644 --- a/2003/0xxx/CVE-2003-0066.json +++ b/2003/0xxx/CVE-2003-0066.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2" - }, - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" - }, - { - "name" : "200303-16", - "refsource" : "GENTOO", - "url" : "http://www.securityfocus.com/advisories/5137" - }, - { - "name" : "MDKSA-2003:003", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003" - }, - { - "name" : 
"RHSA-2003:054", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html" - }, - { - "name" : "RHSA-2003:055", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html" - }, - { - "name" : "6953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6953" - }, - { - "name" : "terminal-emulator-window-title(11414)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11414.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "200303-16", + "refsource": "GENTOO", + "url": "http://www.securityfocus.com/advisories/5137" + }, + { + "name": "MDKSA-2003:003", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003" + }, + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2" + }, + { + "name": "RHSA-2003:054", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-054.html" + }, + { + "name": "RHSA-2003:055", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-055.html" + }, + { + "name": "6953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6953" + }, + { + "name": "terminal-emulator-window-title(11414)", + "refsource": 
"XF", + "url": "http://www.iss.net/security_center/static/11414.php" + }, + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0711.json b/2003/0xxx/CVE-2003-0711.json index f5596a57d95..cb092a5f9be 100644 --- a/2003/0xxx/CVE-2003-0711.json +++ b/2003/0xxx/CVE-2003-0711.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106631908105696&w=2" - }, - { - "name" : "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=106632194809632&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/ms-pchealth.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/ms-pchealth.txt" - }, - { - "name" : "MS03-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-044" - }, - { - "name" : "CA-2003-27", - "refsource" : "CERT", 
- "url" : "http://www.cert.org/advisories/CA-2003-27.html" - }, - { - "name" : "VU#467036", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/467036" - }, - { - "name" : "8828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8828" - }, - { - "name" : "oval:org.mitre.oval:def:217", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A217" - }, - { - "name" : "oval:org.mitre.oval:def:3685", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3685" - }, - { - "name" : "oval:org.mitre.oval:def:3889", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3889" - }, - { - "name" : "oval:org.mitre.oval:def:4706", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#467036", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/467036" + }, + { + "name": "oval:org.mitre.oval:def:3889", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3889" + }, + { + "name": "oval:org.mitre.oval:def:3685", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3685" + }, + { + "name": "CA-2003-27", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-27.html" + }, + { + "name": "8828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8828" + }, + { + "name": "oval:org.mitre.oval:def:4706", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4706" + }, + { + "name": "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106631908105696&w=2" + }, + { + "name": "http://www.ngssoftware.com/advisories/ms-pchealth.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/ms-pchealth.txt" + }, + { + "name": "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=106632194809632&w=2" + }, + { + "name": "oval:org.mitre.oval:def:217", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A217" + }, + { + "name": "MS03-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-044" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/0xxx/CVE-2003-0734.json b/2003/0xxx/CVE-2003-0734.json index 76c90fa4701..ddaf20dd2bd 100644 --- a/2003/0xxx/CVE-2003-0734.json +++ b/2003/0xxx/CVE-2003-0734.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2003:088", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2003:088", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:088" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0832.json b/2003/0xxx/CVE-2003-0832.json index 1760877595e..075ecdd8a65 100644 --- a/2003/0xxx/CVE-2003-0832.json +++ b/2003/0xxx/CVE-2003-0832.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-392", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-392", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-392" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/0xxx/CVE-2012-0271.json b/2012/0xxx/CVE-2012-0271.json index 191394de72d..550c06e0d3e 100644 --- a/2012/0xxx/CVE-2012-0271.json +++ b/2012/0xxx/CVE-2012-0271.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-0271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61", - "refsource" : "MISC", - "url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7010769", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7010769" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=746199", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=746199" - }, - { - 
"name" : "85426", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7010769", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7010769" + }, + { + "name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61", + "refsource": "MISC", + "url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=61&Itemid=61" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=746199", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=746199" + }, + { + "name": "85426", + "refsource": "OSVDB", + "url": "http://osvdb.org/85426" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0342.json b/2012/0xxx/CVE-2012-0342.json index f9fddeabf41..07b91f963d7 100644 --- a/2012/0xxx/CVE-2012-0342.json +++ b/2012/0xxx/CVE-2012-0342.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0342", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0342", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0393.json b/2012/0xxx/CVE-2012-0393.json index 353255fb93e..8ff4e7202ee 100644 --- a/2012/0xxx/CVE-2012-0393.json +++ b/2012/0xxx/CVE-2012-0393.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" - }, - { - "name" : "18329", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18329" - }, - { - "name" : "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" - }, - { - "name" : "http://struts.apache.org/2.x/docs/s2-008.html", - "refsource" : "CONFIRM", - "url" : 
"http://struts.apache.org/2.x/docs/s2-008.html" - }, - { - "name" : "http://struts.apache.org/2.x/docs/version-notes-2311.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/2.x/docs/version-notes-2311.html" - }, - { - "name" : "47393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18329", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18329" + }, + { + "name": "20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" + }, + { + "name": "http://struts.apache.org/2.x/docs/version-notes-2311.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" + }, + { + "name": "http://struts.apache.org/2.x/docs/s2-008.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/2.x/docs/s2-008.html" + }, + { + "name": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" + }, + { + "name": "47393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47393" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/0xxx/CVE-2012-0759.json b/2012/0xxx/CVE-2012-0759.json index a037e37abb0..690bcbcd866 100644 --- a/2012/0xxx/CVE-2012-0759.json +++ b/2012/0xxx/CVE-2012-0759.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1157.json b/2012/1xxx/CVE-2012-1157.json index 98662a26b36..36b88405ddb 100644 --- a/2012/1xxx/CVE-2012-1157.json +++ b/2012/1xxx/CVE-2012-1157.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1157", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1157", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1162.json b/2012/1xxx/CVE-2012-1162.json index a1dd70839ea..8c163c1d210 100644 --- a/2012/1xxx/CVE-2012-1162.json +++ b/2012/1xxx/CVE-2012-1162.json 
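Review bot: The `ASSIGNER` value for CVE-2012-0759 changes from `cve@mitre.org` to `psirt@adobe.com`, while every other line pair in this hunk differs only in whitespace, so the one data change is easy to miss under the subject "-Synchronized-Data.". Anything downstream that attributes records to a CNA by this field will see the record change owner, and the commit gives no source for the new value. The same applies to the hunks for CVE-2012-1162 and CVE-2012-4467 (`secalert@redhat.com`), CVE-2012-3060 (`psirt@cisco.com`), CVE-2012-3118 (`secalert_us@oracle.com`) and CVE-2012-3273 (`hp-security-alert@hp.com`). I would land the whitespace normalisation and the assigner backfill as separate commits, or at least name the backfill in the commit message.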
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", - "refsource" : "MLIST", - "url" : "http://nih.at/listarchive/libzip-discuss/msg00252.html" - }, - { - "name" : "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/21/2" - }, - { - "name" : "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/29/11" - }, - { - "name" : 
"http://www.nih.at/libzip/NEWS.html", - "refsource" : "CONFIRM", - "url" : "http://www.nih.at/libzip/NEWS.html" - }, - { - "name" : "GLSA-201203-23", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml" - }, - { - "name" : "MDVSA-2012:034", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an \"incorrect loop construct.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release", + "refsource": "MLIST", + "url": "http://nih.at/listarchive/libzip-discuss/msg00252.html" + }, + { + "name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/21/2" + }, + { + "name": "MDVSA-2012:034", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034" + }, + { + "name": "http://www.nih.at/libzip/NEWS.html", + "refsource": "CONFIRM", + "url": "http://www.nih.at/libzip/NEWS.html" + }, + { + "name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/29/11" + }, + { + "name": "GLSA-201203-23", + "refsource": "GENTOO", + "url": 
"http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1192.json b/2012/1xxx/CVE-2012-1192.json index aa3b200f732..0ab57626498 100644 --- a/2012/1xxx/CVE-2012-1192.json +++ b/2012/1xxx/CVE-2012-1192.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.isc.org/files/imce/ghostdomain_camera.pdf", - "refsource" : "MISC", - "url" : "https://www.isc.org/files/imce/ghostdomain_camera.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.isc.org/files/imce/ghostdomain_camera.pdf", + "refsource": "MISC", + "url": "https://www.isc.org/files/imce/ghostdomain_camera.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1326.json b/2012/1xxx/CVE-2012-1326.json index 8ad544f62e6..1ab53c52dc9 100644 --- a/2012/1xxx/CVE-2012-1326.json +++ b/2012/1xxx/CVE-2012-1326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3060.json b/2012/3xxx/CVE-2012-3060.json index 6d6bfbfabd8..991fa21f81a 100644 --- a/2012/3xxx/CVE-2012-3060.json +++ b/2012/3xxx/CVE-2012-3060.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/web/software/282074295/93949/cucm-readme-862asu2-Rev2.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/web/software/282074295/93949/cucm-readme-862asu2-Rev2.pdf" - }, - { - "name" : "cisco-uc-udp-dos(78922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-uc-udp-dos(78922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78922" + }, + { + "name": "http://www.cisco.com/web/software/282074295/93949/cucm-readme-862asu2-Rev2.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/web/software/282074295/93949/cucm-readme-862asu2-Rev2.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3118.json b/2012/3xxx/CVE-2012-3118.json index a604f10e095..5470dff66e2 100644 --- a/2012/3xxx/CVE-2012-3118.json +++ b/2012/3xxx/CVE-2012-3118.json 
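Review bot: The new side of CVE-2012-3060.json ends without a final newline: the closing `+}` is followed by `\ No newline at end of file`, and the removed `-}` carried no such marker. Every hunk visible in this patch does the same, so it looks like a property of the serializer rather than of this record. Files kept in version control conventionally end with a newline, and without one the next edit that appends to the file will show the last line as changed. I would have the generator write a trailing `\n` after the final `}`.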
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54534" - }, - { - "name" : "83965", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83965" - }, - { - "name" : "1027265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027265" - }, - { - "name" : "49951", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/49951" - }, - { - "name" : "peoplesoftenterprise-ptpanproc-info-disc(77026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "peoplesoftenterprise-ptpanproc-info-disc(77026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77026" + }, + { + "name": "54534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54534" + }, + { + "name": "49951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49951" + }, + { + "name": "83965", + "refsource": "OSVDB", + "url": "http://osvdb.org/83965" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "1027265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027265" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3273.json b/2012/3xxx/CVE-2012-3273.json index cb0606b6151..fa4a31b4035 100644 --- a/2012/3xxx/CVE-2012-3273.json +++ b/2012/3xxx/CVE-2012-3273.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02807", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042" - }, - { - "name" : "SSRT100928", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042" - }, - { - "name" : "1027840", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M425 with firmware 20120625 and LaserJet 400 M401 with 
firmware 20120621 allow remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI02807", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042" + }, + { + "name": "SSRT100928", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03464042" + }, + { + "name": "1027840", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027840" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4059.json b/2012/4xxx/CVE-2012-4059.json index 085990de266..12921e39f1b 100644 --- a/2012/4xxx/CVE-2012-4059.json +++ b/2012/4xxx/CVE-2012-4059.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" - }, - { - "name" : "81531", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81531" - }, - { - "name" : "socketmailpro-secretqtn-csrf(75114)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + }, + { + "name": "socketmailpro-secretqtn-csrf(75114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75114" + }, + { + "name": "81531", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81531" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4329.json b/2012/4xxx/CVE-2012-4329.json index 9ba7e94f799..47b34decf8f 100644 --- a/2012/4xxx/CVE-2012-4329.json +++ b/2012/4xxx/CVE-2012-4329.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120419 Vulnerabilities in Samsung TV (remote controller protocol)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html" - }, - { - "name" : "18751", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18751" - }, - { - "name" : "http://aluigi.org/adv/samsux_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/samsux_1-adv.txt" - }, - { - "name" : "53161", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53161" - }, - { - "name" : "81221", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81221" - }, - { - "name" : "1026976", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026976" - }, - { - "name" : 
"samsungtv-controller-packet-dos(74927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74927" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "samsungtv-controller-packet-dos(74927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74927" + }, + { + "name": "53161", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53161" + }, + { + "name": "20120419 Vulnerabilities in Samsung TV (remote controller protocol)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html" + }, + { + "name": "81221", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81221" + }, + { + "name": "http://aluigi.org/adv/samsux_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/samsux_1-adv.txt" + }, + { + "name": "18751", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18751" + }, + { + "name": "1026976", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026976" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4467.json b/2012/4xxx/CVE-2012-4467.json index 4a13240567a..9fb2a6fbc77 100644 --- a/2012/4xxx/CVE-2012-4467.json +++ b/2012/4xxx/CVE-2012-4467.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121003 Re: CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4", - "refsource" : 
"CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d" - }, - { - "name" : "55785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a crafted ioctl call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4" + }, + { + "name": "55785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55785" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d" + }, + { + "name": "https://github.com/torvalds/linux/commit/ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ed6fe9d614fc1bca95eb8c0ccd0e92db00ef9d5d" + }, + { + "name": "[oss-security] 20121003 Re: CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to 
compat_put_time[val|spec]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/2" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4729.json b/2012/4xxx/CVE-2012-4729.json index 8e26a603282..0ff9aa9b3b0 100644 --- a/2012/4xxx/CVE-2012-4729.json +++ b/2012/4xxx/CVE-2012-4729.json 
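Review bot: `product_name`, `version_value` and `vendor_name` are still `"n/a"` on the new side of CVE-2012-4467.json, although the description names the Linux kernel before 3.5.4, so the structured `affects` block carries nothing a consumer can match on. Tooling that correlates an asset inventory against `affects` will not flag this record and has to fall back on the description text or an external product mapping. If this sync is meant to enrich records, as the `ASSIGNER` change suggests, `"product_name": "Linux kernel"` could be filled from the description. How to encode the "before 3.5.4" bound in `version_value` is not visible here and would need checking against the data format. The other PUBLIC records in this part of the patch carry the same placeholders.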
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121009 WingFTP Server Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0052.html" - }, - { - "name" : "http://www.wftpserver.com/serverhistory.htm", - "refsource" : "CONFIRM", - "url" : "http://www.wftpserver.com/serverhistory.htm" - }, - { - "name" : "55847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55847" - }, - { - "name" : "86132", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wing FTP Server before 4.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via two zip 
commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20121009 WingFTP Server Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0052.html" + }, + { + "name": "55847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55847" + }, + { + "name": "86132", + "refsource": "OSVDB", + "url": "http://osvdb.org/86132" + }, + { + "name": "http://www.wftpserver.com/serverhistory.htm", + "refsource": "CONFIRM", + "url": "http://www.wftpserver.com/serverhistory.htm" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4897.json b/2012/4xxx/CVE-2012-4897.json index 82adacf7204..520952bc074 100644 --- a/2012/4xxx/CVE-2012-4897.json +++ b/2012/4xxx/CVE-2012-4897.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html" - }, - { - "name" : "55802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55802" - }, - { - "name" : "85957", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85957" - }, - { - "name" : "vmware-movie-code-execution(79046)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79046" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer in VMware Movie Decoder before 9.0 allows local users to gain privileges via a Trojan horse executable file in the installer directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html" + }, + { + "name": "55802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55802" + }, + { + "name": "vmware-movie-code-execution(79046)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79046" + }, + { + "name": "85957", + "refsource": "OSVDB", + "url": "http://osvdb.org/85957" + }, + { + "name": "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4925.json b/2012/4xxx/CVE-2012-4925.json index b3f93f03ef2..54d5686c3e9 100644 --- a/2012/4xxx/CVE-2012-4925.json +++ b/2012/4xxx/CVE-2012-4925.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120228 ImgPals Photo Host Version 1.0 Admin Account Disactivation", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0180.html" - }, - { - "name" : "18544", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18544" - }, - { - "name" : "52195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52195" - }, - { - "name" : "79670", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79670" - }, - { - "name" : "48182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48182" - }, - { - "name" : 
"imgpalsphotohost-approve-sql-injection(73526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48182" + }, + { + "name": "52195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52195" + }, + { + "name": "18544", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18544" + }, + { + "name": "20120228 ImgPals Photo Host Version 1.0 Admin Account Disactivation", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0180.html" + }, + { + "name": "imgpalsphotohost-approve-sql-injection(73526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73526" + }, + { + "name": "79670", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79670" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2150.json b/2017/2xxx/CVE-2017-2150.json index 7eb9671a6dc..a3360c36bd7 100644 --- a/2017/2xxx/CVE-2017-2150.json +++ b/2017/2xxx/CVE-2017-2150.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Booking Calendar", - "version" : { - "version_data" : [ - { - "version_value" : "version 7.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "wpdevelop" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Booking Calendar", + "version": { + "version_data": [ + { + "version_value": "version 7.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "wpdevelop" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wpbookingcalendar.com/changelog/", - "refsource" : "MISC", - "url" : "http://wpbookingcalendar.com/changelog/" - }, - { - "name" : "JVN#18739672", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN18739672/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wpbookingcalendar.com/changelog/", + "refsource": "MISC", + "url": "http://wpbookingcalendar.com/changelog/" + }, + { + "name": "JVN#18739672", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN18739672/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2231.json b/2017/2xxx/CVE-2017-2231.json index 6b449fac4ad..fc494d33112 100644 --- a/2017/2xxx/CVE-2017-2231.json +++ b/2017/2xxx/CVE-2017-2231.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of MLIT DenshiSeikabutsuSakuseiShienKensa system", - "version" : { - "version_data" : [ - { - "version_value" : "Ver3.02 and earlier, distributed till June 20, 2017" - } - ] - } - }, - { - "product_name" : "The self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system", - "version" : { - "version_data" : [ - { - "version_value" : "Ver3.02 and earlier, distributed till June 20, 2017" - } - ] - } - } - ] - }, - "vendor_name" : "Ministry of Land, Infrastructure, Transport and Tourism, Japan" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in The installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017, The self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of MLIT DenshiSeikabutsuSakuseiShienKensa system", + "version": { + "version_data": [ + { + "version_value": "Ver3.02 and earlier, distributed till June 20, 2017" + } + ] + } + }, + { + "product_name": "The self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system", + "version": { + "version_data": [ + { + "version_value": "Ver3.02 and earlier, distributed till June 20, 2017" + } + ] + } + } + ] + }, + "vendor_name": "Ministry of Land, Infrastructure, Transport and Tourism, Japan" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mlit.go.jp/common/001189444.pdf", - "refsource" : "MISC", - "url" : "http://www.mlit.go.jp/common/001189444.pdf" - }, - { - "name" : "http://www.mlit.go.jp/gobuild/gobuild_cals_sysv3.html", - "refsource" : "MISC", - "url" : "http://www.mlit.go.jp/gobuild/gobuild_cals_sysv3.html" - }, - { - "name" : "JVN#06337557", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN06337557/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017, The self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mlit.go.jp/gobuild/gobuild_cals_sysv3.html", + "refsource": "MISC", + "url": "http://www.mlit.go.jp/gobuild/gobuild_cals_sysv3.html" + }, + { + "name": "JVN#06337557", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN06337557/index.html" + }, + { + "name": "http://www.mlit.go.jp/common/001189444.pdf", + "refsource": "MISC", + "url": "http://www.mlit.go.jp/common/001189444.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2665.json b/2017/2xxx/CVE-2017-2665.json index 7a3de2a5c52..7b4338de2a9 100644 --- a/2017/2xxx/CVE-2017-2665.json +++ b/2017/2xxx/CVE-2017-2665.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-2665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rhscon-core", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rhscon-core", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665" - }, - { - "name" : "97612", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97612", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97612" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2665" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6810.json b/2017/6xxx/CVE-2017-6810.json index 88105e5924f..7b63fd5e7c7 100644 --- a/2017/6xxx/CVE-2017-6810.json +++ b/2017/6xxx/CVE-2017-6810.json 
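Review bot: The `vectorString` kept in the new `impact.cvss` block, `"4.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"`, puts the base score in front of the vector. A CVSS 3.0 vector starts with `CVSS:3.0/`, so a strict parser would likely reject this value and drop the severity for this record. I would store `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"` and carry the 4.8 score in a separate field if the schema has one. This hunk also changes `ASSIGNER` from `sfowler@redhat.com` to `secalert@redhat.com`, which is a content change inside what otherwise reads as a whitespace and ordering sync, and the commit message does not mention it.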
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/20", - "refsource" : "CONFIRM", - "url" : "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/20" - }, - { - "name" : "96939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/20", + "refsource": "CONFIRM", + "url": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/20" + }, + { + "name": "96939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96939" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6919.json b/2017/6xxx/CVE-2017-6919.json index 7b50bf4df06..236e80283ee 100644 --- a/2017/6xxx/CVE-2017-6919.json +++ b/2017/6xxx/CVE-2017-6919.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@drupal.org", - "ID" : "CVE-2017-6919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Drupal", - "version" : { - "version_data" : [ - { - "version_value" : "Drupal" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "access bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@drupal.org", + "ID": "CVE-2017-6919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Drupal", + "version": { + "version_data": [ + { + "version_value": "Drupal" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.drupal.org/SA-CORE-2017-002", - "refsource" : "CONFIRM", - "url" : "https://www.drupal.org/SA-CORE-2017-002" - }, - { - "name" : "97941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97941" - }, - { - "name" : "1038371", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "access bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97941" + }, + { + "name": "https://www.drupal.org/SA-CORE-2017-002", + "refsource": "CONFIRM", + "url": "https://www.drupal.org/SA-CORE-2017-002" + }, + { + "name": "1038371", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038371" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7541.json b/2017/7xxx/CVE-2017-7541.json index 495896c80b7..96a4cc1a601 100644 --- a/2017/7xxx/CVE-2017-7541.json +++ b/2017/7xxx/CVE-2017-7541.json 
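Review bot: The `affects` block in the CVE-2017-6919 hunk is carried over with `"version_value": "Drupal"` and `"vendor_name": "n/a"`, so the structured fields give no affected range. The range appears only in the description text ("8 before 8.2.8 and 8.3 before 8.3.1"), and tooling that matches on `product_name`/`version_value` would presumably miss this record or match every Drupal release. I would set `"version_value": "8 before 8.2.8, 8.3 before 8.3.1"` and fill in the vendor name. The CVE-2017-7541 hunk that follows has the same problem in another form, with the version folded into `"product_name": "Linux kernel before 4.12.3"`.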
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel before 4.12.3", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel before 4.12.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "memory corruption" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel before 4.12.3", + "version": { + "version_data": [ + { + "version_value": "Linux kernel before 4.12.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c" - }, - { - "name" : "http://openwall.com/lists/oss-security/2017/07/24/2", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/07/24/2" - }, - { - "name" : 
"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=1049645", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=1049645" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473198", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473198" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c" - }, - { - "name" : "https://www.spinics.net/lists/stable/msg180994.html", - "refsource" : "CONFIRM", - "url" : "https://www.spinics.net/lists/stable/msg180994.html" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "DSA-3927", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3927" - }, - { - "name" : "DSA-3945", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3945" - }, - { - "name" : "RHSA-2017:2918", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2918" - }, - { - "name" : "RHSA-2017:2930", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2930" - }, - { - "name" : "RHSA-2017:2931", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2931" - }, - { - "name" : "RHSA-2017:2863", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2863" - }, - { - "name" : "99955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99955" - }, - { - "name" : "1038981", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "memory corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3927", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3927" + }, + { + "name": "https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c" + }, + { + "name": "99955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99955" + }, + { + "name": "RHSA-2017:2918", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2918" + }, + { + "name": "RHSA-2017:2931", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2931" + }, + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1473198", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473198" + }, + { + "name": "RHSA-2017:2863", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2863" + }, + { + "name": "1038981", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038981" + }, + { + "name": 
"https://bugzilla.novell.com/show_bug.cgi?id=1049645", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=1049645" + }, + { + "name": "DSA-3945", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3945" + }, + { + "name": "https://www.spinics.net/lists/stable/msg180994.html", + "refsource": "CONFIRM", + "url": "https://www.spinics.net/lists/stable/msg180994.html" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/07/24/2", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/07/24/2" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c" + }, + { + "name": "RHSA-2017:2930", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2930" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7568.json b/2017/7xxx/CVE-2017-7568.json index 1c52a2e3304..defc55b00b9 100644 --- a/2017/7xxx/CVE-2017-7568.json +++ b/2017/7xxx/CVE-2017-7568.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "DATE_PUBLIC" : "2018-06-21T00:00:00", - "ID" : "CVE-2017-7568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OnCommand Unified Manager for 7-Mode (core package)", - "version" : { - "version_data" : [ - { - "version_value" : "Versions below 5.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sensitive Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "DATE_PUBLIC": "2018-06-21T00:00:00", + "ID": "CVE-2017-7568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OnCommand Unified Manager for 7-Mode (core package)", + "version": { + "version_data": [ + { + "version_value": "Versions below 5.2.3" + } + ] + } + } + ] + }, + "vendor_name": "NetApp " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20180621-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180621-0001/" - }, - { - "name" : "104536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "NetApp OnCommand Unified Manager for 7-Mode (core package) versions prior to 5.2.3 may disclose sensitive LDAP account information to authenticated users when the LDAP authentication configuration is tested via the user interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20180621-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180621-0001/" + }, + { + "name": "104536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104536" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7772.json b/2017/7xxx/CVE-2017-7772.json index 0aeb80be0b1..9204ab0bfd8 100644 --- a/2017/7xxx/CVE-2017-7772.json +++ b/2017/7xxx/CVE-2017-7772.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7772", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7772", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/7xxx/CVE-2017-7962.json b/2017/7xxx/CVE-2017-7962.json index 8cdfe1ad159..5aa1d06a0ba 100644 --- a/2017/7xxx/CVE-2017-7962.json +++ b/2017/7xxx/CVE-2017-7962.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/17/imageworsener-divide-by-zero-in-iwgif_record_pixel-imagew-gif-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/17/imageworsener-divide-by-zero-in-iwgif_record_pixel-imagew-gif-c/" - }, - { - "name" : "https://github.com/jsummers/imageworsener/commit/ca3356eb49fee03e2eaf6b6aff826988c1122d93", - "refsource" : "MISC", - "url" : "https://github.com/jsummers/imageworsener/commit/ca3356eb49fee03e2eaf6b6aff826988c1122d93" - }, - { - "name" : "https://github.com/jsummers/imageworsener/issues/15", - "refsource" : "MISC", - "url" : "https://github.com/jsummers/imageworsener/issues/15" - }, - { - "name" : "GLSA-201706-06", - "refsource" : "GENTOO", - 
"url" : "https://security.gentoo.org/glsa/201706-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/04/17/imageworsener-divide-by-zero-in-iwgif_record_pixel-imagew-gif-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/17/imageworsener-divide-by-zero-in-iwgif_record_pixel-imagew-gif-c/" + }, + { + "name": "GLSA-201706-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-06" + }, + { + "name": "https://github.com/jsummers/imageworsener/commit/ca3356eb49fee03e2eaf6b6aff826988c1122d93", + "refsource": "MISC", + "url": "https://github.com/jsummers/imageworsener/commit/ca3356eb49fee03e2eaf6b6aff826988c1122d93" + }, + { + "name": "https://github.com/jsummers/imageworsener/issues/15", + "refsource": "MISC", + "url": "https://github.com/jsummers/imageworsener/issues/15" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10099.json b/2018/10xxx/CVE-2018-10099.json index 3c88a590c02..ac7162b125d 100644 --- a/2018/10xxx/CVE-2018-10099.json +++ b/2018/10xxx/CVE-2018-10099.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromium.googlesource.com/infra/infra/+/0ff6b6453b6192987bd9240c1e872a7de5fb1313", - "refsource" : "MISC", - "url" : "https://chromium.googlesource.com/infra/infra/+/0ff6b6453b6192987bd9240c1e872a7de5fb1313" - }, - { - "name" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549", - "refsource" : "MISC", - "url" : "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549" - }, - { - "name" : "https://www.reddit.com/r/netsec/comments/9yiidf/xssearching_googles_bug_tracker_to_find_out/ea2i7wz/", - "refsource" : 
"MISC", - "url" : "https://www.reddit.com/r/netsec/comments/9yiidf/xssearching_googles_bug_tracker_to_find_out/ea2i7wz/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromium.googlesource.com/infra/infra/+/0ff6b6453b6192987bd9240c1e872a7de5fb1313", + "refsource": "MISC", + "url": "https://chromium.googlesource.com/infra/infra/+/0ff6b6453b6192987bd9240c1e872a7de5fb1313" + }, + { + "name": "https://www.reddit.com/r/netsec/comments/9yiidf/xssearching_googles_bug_tracker_to_find_out/ea2i7wz/", + "refsource": "MISC", + "url": "https://www.reddit.com/r/netsec/comments/9yiidf/xssearching_googles_bug_tracker_to_find_out/ea2i7wz/" + }, + { + "name": "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549", + "refsource": "MISC", + "url": "https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10637.json b/2018/10xxx/CVE-2018-10637.json index 4a096c5954e..d319705537f 100644 --- a/2018/10xxx/CVE-2018-10637.json +++ b/2018/10xxx/CVE-2018-10637.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-10637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "V-Server Lite", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.3.0 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Fuji Electric" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A maliciously crafted project file may cause a buffer overflow, which may allow the attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-10637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "V-Server Lite", + "version": { + "version_data": [ + { + "version_value": "4.0.3.0 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Electric" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02" - }, - { - "name" : "105328", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A maliciously crafted project file may cause a buffer overflow, which may allow the 
attacker to execute arbitrary code that affects Fuji Electric V-Server Lite 4.0.3.0 and prior." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105328", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105328" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10642.json b/2018/10xxx/CVE-2018-10642.json index b80be8b1125..3c195c572fa 100644 --- a/2018/10xxx/CVE-2018-10642.json +++ b/2018/10xxx/CVE-2018-10642.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/arbahayoub/POC/blob/master/itop_command_injection_1.txt", - "refsource" : "MISC", - "url" : "https://github.com/arbahayoub/POC/blob/master/itop_command_injection_1.txt" - }, - { - "name" : "https://sourceforge.net/p/itop/tickets/1585/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/itop/tickets/1585/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute 
arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/itop/tickets/1585/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/itop/tickets/1585/" + }, + { + "name": "https://github.com/arbahayoub/POC/blob/master/itop_command_injection_1.txt", + "refsource": "MISC", + "url": "https://github.com/arbahayoub/POC/blob/master/itop_command_injection_1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14630.json b/2018/14xxx/CVE-2018-14630.json index 61b3898e90a..fb33d5c4911 100644 --- a/2018/14xxx/CVE-2018-14630.json +++ b/2018/14xxx/CVE-2018-14630.json 
@@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-14630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "moodle", - "version" : { - "version_data" : [ - { - "version_value" : "3.5.2" - }, - { - "version_value" : "3.4.5" - }, - { - "version_value" : "3.3.8" - }, - { - "version_value" : "3.1.14" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "3.5.2" + }, + { + "version_value": "3.4.5" + }, + { + "version_value": "3.3.8" + }, + { + "version_value": "3.1.14" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180918 SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/28" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630/" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=376023", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=376023" - }, - { - "name" : "105354", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/105354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105354" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=376023", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=376023" + }, + { + "name": "20180918 SEC Consult SA-20180918-0 :: Remote Code Execution via PHP unserialize in Moodle open-source learning platform", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/28" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630/" + }, + { + "name": 
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14749.json b/2018/14xxx/CVE-2018-14749.json index a970dd8d3a7..b417d807e61 100644 --- a/2018/14xxx/CVE-2018-14749.json +++ b/2018/14xxx/CVE-2018-14749.json 
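Review bot: The `version_data` entries for moodle in CVE-2018-14630 list 3.5.2, 3.4.5, 3.3.8 and 3.1.14 as bare `version_value`s, while the description says the flaw affects releases before those versions, so a consumer matching on exact values would flag the fixed releases and miss the vulnerable ones. Each entry should carry a range qualifier, e.g. `"version_affected": "<"` next to `"version_value": "3.5.2"`. The `vectorString` in the `impact` block also has the base score prepended (`8.8/CVSS:3.0/...`), which a CVSS 3.0 parser will likely reject; the vector should start at `CVSS:3.0/`, with the score kept in a separate `"baseScore": 8.8` field. Neither value is touched by this sync, which only changes `ASSIGNER`, spacing and reference order in this file.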
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "ID" : "CVE-2018-14749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QNAP QTS", - "version" : { - "version_data" : [ - { - "version_value" : "QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "ID": "CVE-2018-14749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QNAP QTS", + "version": { + "version_data": [ + { + "version_value": "QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer Overflow vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, 
QTS 4.2.6 build 20180829 and earlier versions could have unspecified impact on the NAS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14752.json b/2018/14xxx/CVE-2018-14752.json index 393d05135e5..e2cf42cbf7d 100644 --- a/2018/14xxx/CVE-2018-14752.json +++ b/2018/14xxx/CVE-2018-14752.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14752", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14752", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14998.json b/2018/14xxx/CVE-2018-14998.json index d474fafe143..00cf707ea13 100644 --- a/2018/14xxx/CVE-2018-14998.json +++ b/2018/14xxx/CVE-2018-14998.json 
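Review bot: `version_value` for QNAP QTS in CVE-2018-14749 is a single free-text string holding four version/build pairs plus "and earlier versions", which automated matching cannot compare against an installed build. Splitting it into one `version_data` entry per branch, for example `{ "version_affected": "<=", "version_value": "4.3.5 build 20181013" }`, would make the record usable for inventory checks. Whether the listed builds are the last affected or the first fixed ones is not clear from the text, so the operator should be confirmed against the linked QNAP advisory before it is chosen.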
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" - }, - { - "name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", - "refsource" : "MISC", - "url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB by modifying read-only system properties at runtime. Specifically, modifying the ro.debuggable and the ro.secure system properties to a certain value and then restarting the ADB daemon allows for a root shell to be obtained via ADB." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" + }, + { + "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", + "refsource": "MISC", + "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15207.json b/2018/15xxx/CVE-2018-15207.json index ba4e73d4c94..83ebe50007d 100644 --- a/2018/15xxx/CVE-2018-15207.json +++ b/2018/15xxx/CVE-2018-15207.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15273.json b/2018/15xxx/CVE-2018-15273.json index be639029414..b3015b08ab6 100644 --- a/2018/15xxx/CVE-2018-15273.json +++ b/2018/15xxx/CVE-2018-15273.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15273", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15273", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20291.json b/2018/20xxx/CVE-2018-20291.json index 0b22ba992fe..84811f304e4 100644 --- a/2018/20xxx/CVE-2018-20291.json +++ b/2018/20xxx/CVE-2018-20291.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20516.json b/2018/20xxx/CVE-2018-20516.json index 047f65eb144..8f364457f78 100644 --- a/2018/20xxx/CVE-2018-20516.json +++ b/2018/20xxx/CVE-2018-20516.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20516", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20516", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9116.json b/2018/9xxx/CVE-2018-9116.json index d1c453de5fb..8dde356dbdc 100644 --- a/2018/9xxx/CVE-2018-9116.json +++ b/2018/9xxx/CVE-2018-9116.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://groups.google.com/forum/#!topic/wiremock-user/PQ1UQzKZVl0", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/wiremock-user/PQ1UQzKZVl0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XXE vulnerability within WireMock before 2.16.0 allows a remote unauthenticated attacker to access local files and internal resources and potentially cause a Denial of Service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!topic/wiremock-user/PQ1UQzKZVl0", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/wiremock-user/PQ1UQzKZVl0" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9152.json b/2018/9xxx/CVE-2018-9152.json index 9aff377f3ec..83d5edbbc6c 100644 --- a/2018/9xxx/CVE-2018-9152.json +++ b/2018/9xxx/CVE-2018-9152.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9152", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9152", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9297.json b/2018/9xxx/CVE-2018-9297.json index 14e734fe0fb..c5162a25622 100644 --- a/2018/9xxx/CVE-2018-9297.json +++ b/2018/9xxx/CVE-2018-9297.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9297", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9297", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9496.json b/2018/9xxx/CVE-2018-9496.json index 029f2f9c33f..7ca1b058599 100644 --- a/2018/9xxx/CVE-2018-9496.json +++ b/2018/9xxx/CVE-2018-9496.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-9496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-9496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c", - "refsource" : "MISC", - "url" : "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-10-01,", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-10-01," - }, - { - "name" : "105481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-10-01,", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-10-01," + }, + { + "name": "105481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105481" + }, + { + "name": "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c", + "refsource": "MISC", + "url": "https://android.googlesource.com/platform/external/libxaac/+/04e8cd58f075bec5892e369c8deebca9c67e855c" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9713.json b/2018/9xxx/CVE-2018-9713.json index 309291c18a5..d517c453754 100644 
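Review bot: The CONFIRM entry in `reference_data` for CVE-2018-9496 keeps a trailing comma inside both its `name` and `url` strings (`https://source.android.com/security/bulletin/2018-10-01,`), which looks like a stray separator and probably does not resolve to the intended bulletin page. Since the record is being rewritten here, both fields should drop it: `"url": "https://source.android.com/security/bulletin/2018-10-01"`, with the matching `"name"`. The same hunk also changes `ASSIGNER` from `security@google.com` to `security@android.com`, in what is otherwise a whitespace and reference-ordering change. Consumers that attribute records to a CNA by assigner address would benefit from that change being called out in the commit description.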
--- a/2018/9xxx/CVE-2018-9713.json +++ b/2018/9xxx/CVE-2018-9713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file