diff --git a/2002/0xxx/CVE-2002-0481.json b/2002/0xxx/CVE-2002-0481.json index 270558eb078..7612522288b 100644 --- a/2002/0xxx/CVE-2002-0481.json +++ b/2002/0xxx/CVE-2002-0481.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020321 How Outlook 2002 can still execute JavaScript in an HTML email message", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/263429" - }, - { - "name" : "4340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4340" - }, - { - "name" : "outlook-iframe-javascript(8604)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8604.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020321 How Outlook 2002 can still execute JavaScript in an HTML email message", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/263429" + }, + { + "name": "4340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4340" + }, + { + "name": "outlook-iframe-javascript(8604)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8604.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1176.json b/2002/1xxx/CVE-2002-1176.json index e077680df76..d97c5fdbc8c 100644 --- a/2002/1xxx/CVE-2002-1176.json +++ b/2002/1xxx/CVE-2002-1176.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104025874209567&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Winamp 2.81 allows remote attackers to execute arbitrary code via a long Artist ID3v2 tag in an MP3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021219 Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104025874209567&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1197.json b/2002/1xxx/CVE-2002-1197.json index 66becab973b..749d43e0410 100644 --- a/2002/1xxx/CVE-2002-1197.json +++ b/2002/1xxx/CVE-2002-1197.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021001 [BUGZILLA] Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103349804226566&w=2" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163024", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163024" - }, - { - "name" : "5844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5844" - }, - { - "name" : "bugzilla-emailappend-command-injection(10234)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10234.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bugzilla-emailappend-command-injection(10234)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10234.php" + }, + { + "name": "5844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5844" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=163024", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=163024" + }, + { + "name": "20021001 [BUGZILLA] Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103349804226566&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1644.json b/2002/1xxx/CVE-2002-1644.json index 9073ebb7f69..0b9968947a5 100644 --- a/2002/1xxx/CVE-2002-1644.json +++ b/2002/1xxx/CVE-2002-1644.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ssh.com/company/newsroom/article/286/", - "refsource" : "CONFIRM", - "url" : "http://www.ssh.com/company/newsroom/article/286/" - }, - { - "name" : "VU#740619", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/740619" - }, - { - "name" : "6247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6247" - }, - { - "name" : "ssh-setsid-privilege-elevation(10710)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0.13 through 3.2.1, when running without a PTY, does not call setsid to remove the child process from the process group of the parent process, which allows attackers to gain certain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ssh-setsid-privilege-elevation(10710)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10710" + }, + { + "name": "6247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6247" + }, + { + "name": "http://www.ssh.com/company/newsroom/article/286/", + "refsource": "CONFIRM", + "url": "http://www.ssh.com/company/newsroom/article/286/" + }, + { + "name": "VU#740619", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/740619" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0133.json b/2003/0xxx/CVE-2003-0133.json index 8cf5b09088c..8bf558a96c9 100644 --- a/2003/0xxx/CVE-2003-0133.json +++ b/2003/0xxx/CVE-2003-0133.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:126", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-126.html" - }, - { - "name" : "MDKSA-2003:046", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:046" - }, - { - "name" : "CLA-2003:737", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737" - }, - { - "name" : "oval:org.mitre.oval:def:138", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:138", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A138" + }, + { + "name": "CLA-2003:737", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737" + }, + { + "name": "MDKSA-2003:046", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:046" + }, + { + "name": "RHSA-2003:126", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-126.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0351.json b/2003/0xxx/CVE-2003-0351.json index 25c6e894dca..c8c47908fac 100644 --- a/2003/0xxx/CVE-2003-0351.json +++ b/2003/0xxx/CVE-2003-0351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0351", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0351", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0506.json b/2003/0xxx/CVE-2003-0506.json index 5daa754927c..7ecb27cbde3 100644 --- a/2003/0xxx/CVE-2003-0506.json +++ b/2003/0xxx/CVE-2003-0506.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105716650021546&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105716650021546&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0546.json b/2003/0xxx/CVE-2003-0546.json index a12ea617f0a..3d071bf3aad 100644 --- a/2003/0xxx/CVE-2003-0546.json +++ b/2003/0xxx/CVE-2003-0546.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:255", - "refsource" : "REDHAT", - "url" : "http://marc.info/?l=bugtraq&m=106036724315539&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:631", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:255", + "refsource": "REDHAT", + "url": "http://marc.info/?l=bugtraq&m=106036724315539&w=2" + }, + { + "name": "oval:org.mitre.oval:def:631", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0833.json b/2003/0xxx/CVE-2003-0833.json index aa7de2b24fe..463320a40da 100644 --- a/2003/0xxx/CVE-2003-0833.json +++ b/2003/0xxx/CVE-2003-0833.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-392", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-392", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-392" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1288.json b/2003/1xxx/CVE-2003-1288.json index 27ce8ddcc1e..9227df25852 100644 --- a/2003/1xxx/CVE-2003-1288.json +++ b/2003/1xxx/CVE-2003-1288.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Vserver] 20031218 SMP oops 2.4.23 v1.22", - "refsource" : "MLIST", - "url" : "http://list.linux-vserver.org/archive/vserver/msg05630.html" - }, - { - "name" : "[Vserver] 20031219 Re: SMP oops 2.4.23 v1.22", - "refsource" : "MLIST", - "url" : "http://list.linux-vserver.org/archive/vserver/msg05631.html" - }, - { - "name" : "[Vserver] 20031220 Re: SMP oops 2.4.23 v1.22", - "refsource" : "MLIST", - "url" : "http://list.linux-vserver.org/archive/vserver/msg05658.html" - }, - { - "name" : "http://linux-vserver.org/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://linux-vserver.org/ChangeLog" - }, - { - "name" : "7587", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linux-vserver.org/ChangeLog", + "refsource": "CONFIRM", + "url": "http://linux-vserver.org/ChangeLog" + }, + { + "name": "[Vserver] 20031219 Re: SMP oops 2.4.23 v1.22", + "refsource": "MLIST", + "url": "http://list.linux-vserver.org/archive/vserver/msg05631.html" + }, + { + "name": "[Vserver] 20031220 Re: SMP oops 2.4.23 v1.22", + "refsource": "MLIST", + "url": "http://list.linux-vserver.org/archive/vserver/msg05658.html" + }, + { + "name": "[Vserver] 20031218 SMP oops 2.4.23 v1.22", + "refsource": "MLIST", + "url": "http://list.linux-vserver.org/archive/vserver/msg05630.html" + }, + { + "name": "7587", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7587" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1353.json b/2003/1xxx/CVE-2003-1353.json index 20a4ac1dd1d..b63447df453 100644 --- a/2003/1xxx/CVE-2003-1353.json +++ b/2003/1xxx/CVE-2003-1353.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030116 Outreach Project Tool", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0119.html" - }, - { - "name" : "6631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6631" - }, - { - "name" : "opt-news-post-xss(11096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opt-news-post-xss(11096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11096" + }, + { + "name": "20030116 Outreach Project Tool", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0119.html" + }, + { + "name": "6631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6631" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1556.json b/2003/1xxx/CVE-2003-1556.json index 7416fdebac0..d2a2106f787 100644 --- a/2003/1xxx/CVE-2003-1556.json +++ b/2003/1xxx/CVE-2003-1556.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030329 CGI-City's CCGuestBook Script Injection Vulns", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316764/30/25250/threaded" - }, - { - "name" : "7237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7237" - }, - { - "name" : "3796", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3796", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3796" + }, + { + "name": "7237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7237" + }, + { + "name": "20030329 CGI-City's CCGuestBook Script Injection Vulns", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316764/30/25250/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2005.json b/2004/2xxx/CVE-2004-2005.json index d021da14e7b..589cb6ecf38 100644 --- a/2004/2xxx/CVE-2004-2005.json +++ b/2004/2xxx/CVE-2004-2005.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040507 Eudora file URL buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108395487628044&w=2" - }, - { - "name" : "20040507 Eudora file URL buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.netsys.com/pipermail/full-disclosure/2004-May/021059.html" - }, - { - "name" : "http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt" - }, - { - "name" : "10298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10298" - }, - { - "name" : "11568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11568" - }, - { - "name" : "eudora-long-url-bo(16086)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt", + "refsource": "CONFIRM", + "url": "http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt" + }, + { + "name": "10298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10298" + }, + { + "name": "20040507 Eudora file URL buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108395487628044&w=2" + }, + { + "name": "11568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11568" + }, + { + "name": "eudora-long-url-bo(16086)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16086" + }, + { + "name": "20040507 Eudora file URL buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.netsys.com/pipermail/full-disclosure/2004-May/021059.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2094.json b/2004/2xxx/CVE-2004-2094.json index 0037aa3847b..5f86858ea5e 100644 --- a/2004/2xxx/CVE-2004-2094.json +++ b/2004/2xxx/CVE-2004-2094.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040121 WebcamXP v1.06.945 Cross Site Scripting Vulnerabillity", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107471195326270&w=2" - }, - { - "name" : "webcamxp-xss(14904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14904" - }, - { - "name" : "9465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webcamxp-xss(14904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14904" + }, + { + "name": "20040121 WebcamXP v1.06.945 Cross Site Scripting Vulnerabillity", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107471195326270&w=2" + }, + { + "name": "9465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9465" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0010.json b/2012/0xxx/CVE-2012-0010.json index e1661ef133a..440d1d4d67a 100644 --- a/2012/0xxx/CVE-2012-0010.json +++ b/2012/0xxx/CVE-2012-0010.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Copy and Paste Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010" - }, - { - "name" : "oval:org.mitre.oval:def:14835", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Copy and Paste Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14835", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14835" + }, + { + "name": "MS12-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-010" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0090.json b/2012/0xxx/CVE-2012-0090.json index 08ccc2e7fd7..8e808b9ab64 100644 --- a/2012/0xxx/CVE-2012-0090.json +++ b/2012/0xxx/CVE-2012-0090.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0236.json b/2012/0xxx/CVE-2012-0236.json index d60a8c443d5..f73950118b8 100644 --- a/2012/0xxx/CVE-2012-0236.json +++ b/2012/0xxx/CVE-2012-0236.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly \"does not consider it to be a security risk.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" - }, - { - "name" : "52051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly \"does not consider it to be a security risk.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" + }, + { + "name": "52051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52051" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0714.json b/2012/0xxx/CVE-2012-0714.json index 47dc948adbc..460f2e2aece 100644 --- a/2012/0xxx/CVE-2012-0714.json +++ b/2012/0xxx/CVE-2012-0714.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" - }, - { - "name" : "IV16085", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" - }, - { - "name" : "IV16497", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" - }, - { - "name" : "85179", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85179" - }, - { - "name" : "50551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50551" - }, - { - "name" : "ibm-maximo-csrf(73534)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "85179", + "refsource": "OSVDB", + "url": "http://osvdb.org/85179" + }, + { + "name": "50551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50551" + }, + { + "name": "ibm-maximo-csrf(73534)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73534" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" + }, + { + "name": "IV16085", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16085" + }, + { + "name": "IV16497", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV16497" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1049.json b/2012/1xxx/CVE-2012-1049.json index 6c10ca4da32..386338f766b 100644 --- a/2012/1xxx/CVE-2012-1049.json +++ b/2012/1xxx/CVE-2012-1049.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/109528", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109528" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php" - }, - { - "name" : "51893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51893" - }, - { - "name" : "47887", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47887" - }, - { - "name" : "manageengine-admanager-multiple-xss(73039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/109528", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109528" + }, + { + "name": "manageengine-admanager-multiple-xss(73039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73039" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php" + }, + { + "name": "47887", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47887" + }, + { + "name": "51893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51893" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1599.json b/2012/1xxx/CVE-2012-1599.json index 1d6b893dfba..990be428dad 100644 --- a/2012/1xxx/CVE-2012-1599.json +++ b/2012/1xxx/CVE-2012-1599.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive \"administrative back end information\" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120328 Re: CVE-request: Joomla 20120305 / 20120306", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/29/5" - }, - { - "name" : "http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive \"administrative back end information\" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120328 Re: CVE-request: Joomla 20120305 / 20120306", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/29/5" + }, + { + "name": "http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/397-20120306-core-information-disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5274.json b/2012/5xxx/CVE-2012-5274.json index 96048a5d9a2..5e784b21234 100644 --- a/2012/5xxx/CVE-2012-5274.json +++ b/2012/5xxx/CVE-2012-5274.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-24.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-24.html" - }, - { - "name" : "RHSA-2012:1431", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1431.html" - }, - { - "name" : "SUSE-SU-2012:1485", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html" - }, - { - "name" : "openSUSE-SU-2012:1480", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0134", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html" - }, - { - "name" : "openSUSE-SU-2013:0367", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html" - }, - { - "name" : "1027730", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027730" - }, - { - "name" : "51245", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51245" - }, - { - "name" : "51186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51186" - }, - { - "name" : "51207", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51207" - }, - { - "name" : "51213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51213" - }, - { - "name" : "adobe-cve20125274-bo(79845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0134", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html" + }, + { + "name": "RHSA-2012:1431", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1431.html" + }, + { + "name": "51245", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51245" + }, + { + "name": "1027730", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027730" + }, + { + "name": "openSUSE-SU-2013:0367", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html" + }, + { + "name": "51186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51186" + }, + { + "name": "openSUSE-SU-2012:1480", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-24.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-24.html" + }, + { + "name": "SUSE-SU-2012:1485", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html" + }, + { + "name": "51213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51213" + }, + { + "name": "51207", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51207" + }, + { + "name": "adobe-cve20125274-bo(79845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79845" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5304.json b/2012/5xxx/CVE-2012-5304.json index bf7c39b6e65..92fb8f76bac 100644 --- a/2012/5xxx/CVE-2012-5304.json +++ b/2012/5xxx/CVE-2012-5304.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120227 Re: Case YVS Image Gallery", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/27/27" - }, - { - "name" : "[oss-security] 20120319 Re: Case YVS Image Gallery", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/19/12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120319 Re: Case YVS Image Gallery", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/12" + }, + { + "name": "[oss-security] 20120227 Re: Case YVS Image Gallery", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/27/27" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5516.json b/2012/5xxx/CVE-2012-5516.json index e1a5ffb7c53..7e911d4259d 100644 --- a/2012/5xxx/CVE-2012-5516.json +++ b/2012/5xxx/CVE-2012-5516.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2012:1506", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html" - }, - { - "name" : "56825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56825" - }, - { - "name" : "1027838", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027838" - }, - { - "name" : "enterprise-wipeafterdelete-info-disc(80546)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56825" + }, + { + "name": "RHSA-2012:1506", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html" + }, + { + "name": "enterprise-wipeafterdelete-info-disc(80546)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80546" + }, + { + "name": "1027838", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027838" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5750.json b/2012/5xxx/CVE-2012-5750.json index c67720b057c..e2d904746be 100644 --- a/2012/5xxx/CVE-2012-5750.json +++ b/2012/5xxx/CVE-2012-5750.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5750", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5750", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5928.json b/2012/5xxx/CVE-2012-5928.json index acd99bc32d4..f1f40062381 100644 --- a/2012/5xxx/CVE-2012-5928.json +++ b/2012/5xxx/CVE-2012-5928.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3144.json b/2017/3xxx/CVE-2017-3144.json index ca06be05ffc..5bdf8caa39f 100644 --- a/2017/3xxx/CVE-2017-3144.json +++ b/2017/3xxx/CVE-2017-3144.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-officer@isc.org", - "DATE_PUBLIC" : "2018-01-16T00:00:00.000Z", - "ID" : "CVE-2017-3144", - "STATE" : "PUBLIC", - "TITLE" : "Failure to properly clean up closed OMAPI connections can exhaust available sockets" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ISC DHCP", - "version" : { - "version_data" : [ - { - "version_name" : "ISC DHCP", - "version_value" : "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." - } - ] - } - } - ] - }, - "vendor_name" : "ISC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc." - } + "CVE_data_meta": { + "ASSIGNER": "security-officer@isc.org", + "DATE_PUBLIC": "2018-01-16T00:00:00.000Z", + "ID": "CVE-2017-3144", + "STATE": "PUBLIC", + "TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ISC DHCP", + "version": { + "version_data": [ + { + "version_name": "ISC DHCP", + "version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." + } + ] + } + } + ] + }, + "vendor_name": "ISC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/docs/aa-01541", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/docs/aa-01541" - }, - { - "name" : "DSA-4133", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4133" - }, - { - "name" : "RHSA-2018:0158", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0158" - }, - { - "name" : "USN-3586-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3586-1/" - }, - { - "name" : "102726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102726" - }, - { - "name" : "1040194", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040194" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)." - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:0158", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0158" + }, + { + "name": "DSA-4133", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4133" + }, + { + "name": "102726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102726" + }, + { + "name": "1040194", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040194" + }, + { + "name": "USN-3586-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3586-1/" + }, + { + "name": "https://kb.isc.org/docs/aa-01541", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/docs/aa-01541" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)." + } + ] +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3250.json b/2017/3xxx/CVE-2017-3250.json index 381373af80a..5c0c1102ebf 100644 --- a/2017/3xxx/CVE-2017-3250.json +++ b/2017/3xxx/CVE-2017-3250.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GlassFish Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.1.1" - }, - { - "version_value" : "3.0.1" - }, - { - "version_value" : "3.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GlassFish Server", + "version": { + "version_data": [ + { + "version_value": "2.1.1" + }, + { + "version_value": "3.0.1" + }, + { + "version_value": "3.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95480" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3570.json b/2017/3xxx/CVE-2017-3570.json index 9919e6a74a5..b7e4a49c392 100644 --- a/2017/3xxx/CVE-2017-3570.json +++ b/2017/3xxx/CVE-2017-3570.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise FIN eSettlements", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.1" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eSettlements). The supported version that is affected is 9.1. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise FSCM accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise FSCM accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise FSCM accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise FIN eSettlements", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97906" - }, - { - "name" : "1038301", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eSettlements). The supported version that is affected is 9.1. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise FSCM accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise FSCM accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FSCM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise FSCM accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise FSCM accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97906" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038301", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038301" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6512.json b/2017/6xxx/CVE-2017-6512.json index b3ec3d3df98..d444ad58190 100644 --- a/2017/6xxx/CVE-2017-6512.json +++ b/2017/6xxx/CVE-2017-6512.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes" - }, - { - "name" : "http://security.cucumberlinux.com/security/details.php?id=153", - "refsource" : "CONFIRM", - "url" : "http://security.cucumberlinux.com/security/details.php?id=153" - }, - { - "name" : "https://rt.cpan.org/Ticket/Display.html?id=121951", - "refsource" : "CONFIRM", - "url" : "https://rt.cpan.org/Ticket/Display.html?id=121951" - }, - { - "name" : "DSA-3873", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3873" - }, - { - "name" : "GLSA-201709-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-12" - }, - { - "name" : "USN-3625-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3625-2/" - }, - { - "name" : "USN-3625-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3625-1/" - }, - { - "name" : "99180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99180" - }, - { - "name" : "1038610", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/JKEENAN/File-Path-2.13/Changes" + }, + { + "name": "USN-3625-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3625-2/" + }, + { + "name": "DSA-3873", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3873" + }, + { + "name": "99180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99180" + }, + { + "name": "1038610", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038610" + }, + { + "name": "GLSA-201709-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-12" + }, + { + "name": "http://security.cucumberlinux.com/security/details.php?id=153", + "refsource": "CONFIRM", + "url": "http://security.cucumberlinux.com/security/details.php?id=153" + }, + { + "name": "https://rt.cpan.org/Ticket/Display.html?id=121951", + "refsource": "CONFIRM", + "url": "https://rt.cpan.org/Ticket/Display.html?id=121951" + }, + { + "name": "USN-3625-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3625-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6515.json b/2017/6xxx/CVE-2017-6515.json index 5d6c547bffc..4ccc548d4ce 100644 --- a/2017/6xxx/CVE-2017-6515.json +++ b/2017/6xxx/CVE-2017-6515.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6515", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6515", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6522.json b/2017/6xxx/CVE-2017-6522.json index 745574fdf70..6afb63a252d 100644 --- a/2017/6xxx/CVE-2017-6522.json +++ b/2017/6xxx/CVE-2017-6522.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6522", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6522", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6533.json b/2017/6xxx/CVE-2017-6533.json index 7f61819856c..68eee426337 100644 --- a/2017/6xxx/CVE-2017-6533.json +++ b/2017/6xxx/CVE-2017-6533.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WPO-Foundation/webpagetest/issues/833", - "refsource" : "CONFIRM", - "url" : "https://github.com/WPO-Foundation/webpagetest/issues/833" - }, - { - "name" : "96935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96935" + }, + { + "name": "https://github.com/WPO-Foundation/webpagetest/issues/833", + "refsource": "CONFIRM", + "url": "https://github.com/WPO-Foundation/webpagetest/issues/833" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6665.json b/2017/6xxx/CVE-2017-6665.json index 0e76b809428..7876a964a0b 100644 --- a/2017/6xxx/CVE-2017-6665.json +++ b/2017/6xxx/CVE-2017-6665.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-aniacp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-aniacp" - }, - { - "name" : "99969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99969" - }, - { - "name" : "1038998", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-aniacp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-aniacp" + }, + { + "name": "99969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99969" + }, + { + "name": "1038998", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038998" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7208.json b/2017/7xxx/CVE-2017-7208.json index 82f6f5f14ad..ac2016fbf1f 100644 --- a/2017/7xxx/CVE-2017-7208.json +++ b/2017/7xxx/CVE-2017-7208.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.libav.org/show_bug.cgi?id=1000", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.libav.org/show_bug.cgi?id=1000" - }, - { - "name" : "DSA-4012", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4012" - }, - { - "name" : "97005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97005" + }, + { + "name": "https://bugzilla.libav.org/show_bug.cgi?id=1000", + "refsource": "CONFIRM", + "url": "https://bugzilla.libav.org/show_bug.cgi?id=1000" + }, + { + "name": "DSA-4012", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4012" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7292.json b/2017/7xxx/CVE-2017-7292.json index 17d80185384..1c185c138de 100644 --- a/2017/7xxx/CVE-2017-7292.json +++ b/2017/7xxx/CVE-2017-7292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7306.json b/2017/7xxx/CVE-2017-7306.json index 975ea717a68..fe138b509ee 100644 --- a/2017/7xxx/CVE-2017-7306.json +++ b/2017/7xxx/CVE-2017-7306.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Feb/25", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Feb/25" - }, - { - "name" : "https://supportkb.riverbed.com/support/index?page=content&id=S30065", - "refsource" : "MISC", - "url" : "https://supportkb.riverbed.com/support/index?page=content&id=S30065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Feb/25", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Feb/25" + }, + { + "name": "https://supportkb.riverbed.com/support/index?page=content&id=S30065", + "refsource": "MISC", + "url": "https://supportkb.riverbed.com/support/index?page=content&id=S30065" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7499.json b/2017/7xxx/CVE-2017-7499.json index dd2136ee100..ea7773b73c4 100644 --- a/2017/7xxx/CVE-2017-7499.json +++ b/2017/7xxx/CVE-2017-7499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7499", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8933. Reason: This candidate is a reservation duplicate of CVE-2017-8933. Notes: All CVE users should reference CVE-2017-8933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7499", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8933. Reason: This candidate is a reservation duplicate of CVE-2017-8933. Notes: All CVE users should reference CVE-2017-8933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7606.json b/2017/7xxx/CVE-2017-7606.json index 65d8451a42c..893b7b1ead9 100644 --- a/2017/7xxx/CVE-2017-7606.json +++ b/2017/7xxx/CVE-2017-7606.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/rle.c in ImageMagick 7.0.5-4 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/" - }, - { - "name" : "DSA-3863", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3863" - }, - { - "name" : "98685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/rle.c in ImageMagick 7.0.5-4 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98685" + }, + { + "name": "DSA-3863", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3863" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7983.json b/2017/7xxx/CVE-2017-7983.json index 70195833de8..0f3821268a3 100644 --- a/2017/7xxx/CVE-2017-7983.json +++ b/2017/7xxx/CVE-2017-7983.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure", - "refsource" : "CONFIRM", - "url" : "https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure" - }, - { - "name" : "98016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98016" + }, + { + "name": "https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure", + "refsource": "CONFIRM", + "url": "https://developer.joomla.org/security-centre/683-20170401-core-information-disclosure" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8512.json b/2017/8xxx/CVE-2017-8512.json index 6709f033c85..cb8340bef93 100644 --- a/2017/8xxx/CVE-2017-8512.json +++ b/2017/8xxx/CVE-2017-8512.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2013 Service Pack 1, Microsoft Office 2016, Microsoft Office Online Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, Microsoft Office Web Apps Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, and Word Automation Services." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512" - }, - { - "name" : "98816", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98816" - }, - { - "name" : "1038668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98816", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98816" + }, + { + "name": "1038668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038668" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8512" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8533.json b/2017/8xxx/CVE-2017-8533.json index e32cf499772..9cec398fc91 100644 --- a/2017/8xxx/CVE-2017-8533.json +++ b/2017/8xxx/CVE-2017-8533.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Graphics", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Graphics", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8533", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8533" - }, - { - "name" : "98821", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98821", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98821" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8533", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8533" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8762.json b/2017/8xxx/CVE-2017-8762.json index 217fc4dc904..34eb27f1a56 100644 --- a/2017/8xxx/CVE-2017-8762.json +++ b/2017/8xxx/CVE-2017-8762.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/73", - "refsource" : "MISC", - "url" : "https://github.com/semplon/GeniXCMS/issues/73" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/73", + "refsource": "MISC", + "url": "https://github.com/semplon/GeniXCMS/issues/73" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10260.json b/2018/10xxx/CVE-2018-10260.json index 067e9660361..ffddb59500f 100644 --- a/2018/10xxx/CVE-2018-10260.json +++ b/2018/10xxx/CVE-2018-10260.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44539", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44539/" - }, - { - "name" : "http://packetstormsecurity.com/files/147382/HRSALE-The-Ultimate-HRM-1.0.2-Local-File-Inclusion.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/147382/HRSALE-The-Ultimate-HRM-1.0.2-Local-File-Inclusion.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44539", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44539/" + }, + { + "name": "http://packetstormsecurity.com/files/147382/HRSALE-The-Ultimate-HRM-1.0.2-Local-File-Inclusion.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/147382/HRSALE-The-Ultimate-HRM-1.0.2-Local-File-Inclusion.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10783.json b/2018/10xxx/CVE-2018-10783.json index 7a19e46b231..767f9eef2a8 100644 --- a/2018/10xxx/CVE-2018-10783.json +++ b/2018/10xxx/CVE-2018-10783.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10783", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10783", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10791.json b/2018/10xxx/CVE-2018-10791.json index f83c70da436..fb1e66f5af0 100644 --- a/2018/10xxx/CVE-2018-10791.json +++ b/2018/10xxx/CVE-2018-10791.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10791", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10791", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10917.json b/2018/10xxx/CVE-2018-10917.json index fe1c3ae2980..4e1f22e3dd5 100644 --- a/2018/10xxx/CVE-2018-10917.json +++ b/2018/10xxx/CVE-2018-10917.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pulp", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pulp", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.8/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10917" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13293.json b/2018/13xxx/CVE-2018-13293.json index cc293765bc9..b4ab6745f07 100644 --- a/2018/13xxx/CVE-2018-13293.json +++ b/2018/13xxx/CVE-2018-13293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17475.json b/2018/17xxx/CVE-2018-17475.json index 9dda5a2593d..e383e9782d5 100644 --- a/2018/17xxx/CVE-2018-17475.json +++ b/2018/17xxx/CVE-2018-17475.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : " 70.0.3538.67" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect security UI" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": " 70.0.3538.67" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/852634", - "refsource" : "MISC", - "url" : "https://crbug.com/852634" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4330", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4330" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:3004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3004" - }, - { - "name" : "105666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect security UI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/852634", + "refsource": "MISC", + "url": "https://crbug.com/852634" + }, + { + "name": "DSA-4330", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4330" + }, + { + "name": "RHSA-2018:3004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3004" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" + }, + { + "name": "105666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105666" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17739.json b/2018/17xxx/CVE-2018-17739.json index 00d63f65a72..f84bb3372e4 100644 --- a/2018/17xxx/CVE-2018-17739.json +++ b/2018/17xxx/CVE-2018-17739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17824.json b/2018/17xxx/CVE-2018-17824.json index 733eaeb04d4..0640a8f6fb1 100644 --- a/2018/17xxx/CVE-2018-17824.json +++ b/2018/17xxx/CVE-2018-17824.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17824", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17824", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20437.json b/2018/20xxx/CVE-2018-20437.json index 04eadbb472f..7767f79b181 100644 --- a/2018/20xxx/CVE-2018-20437.json +++ b/2018/20xxx/CVE-2018-20437.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report because the product uses a JAR archive for deployment, and this contains application.yml with configuration data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/9a753215b0969a5d5b5bfe8c68585339fee96260", - "refsource" : "MISC", - "url" : "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/9a753215b0969a5d5b5bfe8c68585339fee96260" - }, - { - "name" : "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/a9706b1b3c96bacece24886429b4423c3a467acd", - "refsource" : "MISC", - "url" : "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/a9706b1b3c96bacece24886429b4423c3a467acd" - }, - { - "name" : "https://github.com/wuyouzhuguli/FEBS-Shiro/issues/40", - "refsource" : "MISC", - "url" : "https://github.com/wuyouzhuguli/FEBS-Shiro/issues/40" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report because the product uses a JAR archive for deployment, and this contains application.yml with configuration data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/a9706b1b3c96bacece24886429b4423c3a467acd", + "refsource": "MISC", + "url": "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/a9706b1b3c96bacece24886429b4423c3a467acd" + }, + { + "name": "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/9a753215b0969a5d5b5bfe8c68585339fee96260", + "refsource": "MISC", + "url": "https://github.com/wuyouzhuguli/FEBS-Shiro/commit/9a753215b0969a5d5b5bfe8c68585339fee96260" + }, + { + "name": "https://github.com/wuyouzhuguli/FEBS-Shiro/issues/40", + "refsource": "MISC", + "url": "https://github.com/wuyouzhuguli/FEBS-Shiro/issues/40" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20649.json b/2018/20xxx/CVE-2018-20649.json index 0152ae13f2b..4b0a89b9248 100644 --- a/2018/20xxx/CVE-2018-20649.json +++ b/2018/20xxx/CVE-2018-20649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20759.json b/2018/20xxx/CVE-2018-20759.json index 60eeff3c896..7a9226ab715 100644 --- a/2018/20xxx/CVE-2018-20759.json +++ b/2018/20xxx/CVE-2018-20759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20759", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20759", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9128.json b/2018/9xxx/CVE-2018-9128.json index 370c8b4b64d..0380446ab3c 100644 --- a/2018/9xxx/CVE-2018-9128.json +++ b/2018/9xxx/CVE-2018-9128.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44438", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44438/" - }, - { - "name" : "https://0day4u.wordpress.com/2018/03/30/buffer-overflow-on-dvd-x-player-standard-5-5-3-9/", - "refsource" : "MISC", - "url" : "https://0day4u.wordpress.com/2018/03/30/buffer-overflow-on-dvd-x-player-standard-5-5-3-9/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0day4u.wordpress.com/2018/03/30/buffer-overflow-on-dvd-x-player-standard-5-5-3-9/", + "refsource": "MISC", + "url": "https://0day4u.wordpress.com/2018/03/30/buffer-overflow-on-dvd-x-player-standard-5-5-3-9/" + }, + { + "name": "44438", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44438/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9524.json b/2018/9xxx/CVE-2018-9524.json index a77756e9886..051369bf49b 100644 --- a/2018/9xxx/CVE-2018-9524.json +++ b/2018/9xxx/CVE-2018-9524.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - }, - { - "name" : "105848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105848" + }, + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9845.json b/2018/9xxx/CVE-2018-9845.json index 5ee1d33d800..fa490423938 100644 --- a/2018/9xxx/CVE-2018-9845.json +++ b/2018/9xxx/CVE-2018-9845.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Etherpad Lite before 1.6.4 is exploitable for admin access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ether/etherpad-lite/blob/develop/CHANGELOG.md", - "refsource" : "MISC", - "url" : "https://github.com/ether/etherpad-lite/blob/develop/CHANGELOG.md" - }, - { - "name" : "https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b", - "refsource" : "MISC", - "url" : "https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Etherpad Lite before 1.6.4 is exploitable for admin access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b", + "refsource": "MISC", + "url": "https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b" + }, + { + "name": "https://github.com/ether/etherpad-lite/blob/develop/CHANGELOG.md", + "refsource": "MISC", + "url": "https://github.com/ether/etherpad-lite/blob/develop/CHANGELOG.md" + } + ] + } +} \ No newline at end of file