diff --git a/2002/0xxx/CVE-2002-0275.json b/2002/0xxx/CVE-2002-0275.json index 27999b39fbc..508ae7886c7 100644 --- a/2002/0xxx/CVE-2002-0275.json +++ b/2002/0xxx/CVE-2002-0275.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020213 Falcon Web Server Authentication Circumvention Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101363946626951&w=2" - }, - { - "name" : "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html" - }, - { - "name" : "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102253858809370&w=2" - }, - { - "name" : "4099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4099" - }, - { - "name" : "falcon-protected-dir-access(8189)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/8189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020213 Falcon Web Server Authentication Circumvention Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101363946626951&w=2" + }, + { + "name": "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102253858809370&w=2" + }, + { + "name": "4099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4099" + }, + { + "name": "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html" + }, + { + "name": "falcon-protected-dir-access(8189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8189" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0606.json b/2002/0xxx/CVE-2002-0606.json index a8e00d5fd98..6b0e70236eb 100644 --- a/2002/0xxx/CVE-2002-0606.json +++ b/2002/0xxx/CVE-2002-0606.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020429 3CDaemon DoS exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html" - }, - { - "name" : "4638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4638" - }, - { - "name" : "3cdaemon-ftp-bo(8970)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8970.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020429 3CDaemon DoS exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html" + }, + { + "name": "4638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4638" + }, + { + "name": "3cdaemon-ftp-bo(8970)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8970.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0871.json b/2002/0xxx/CVE-2002-0871.json index c53ee1926b2..f0a8fd2d769 100644 --- a/2002/0xxx/CVE-2002-0871.json +++ b/2002/0xxx/CVE-2002-0871.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-151", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2002/dsa-151" - }, - { - "name" : "MDKSA-2002:053", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php" - }, - { - "name" : "RHSA-2002:196", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-196.html" - }, - { - "name" : "RHSA-2003:228", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-228.html" - }, - { - "name" : "20020814 GLSA: xinetd", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102935383506155&w=2" - }, - { - "name" : "xinetd-signal-leak-dos(9844)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/9844.php" - }, - { - "name" : "5458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-151", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2002/dsa-151" + }, + { + "name": "20020814 GLSA: xinetd", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102935383506155&w=2" + }, + { + "name": "RHSA-2002:196", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-196.html" + }, + { + "name": "RHSA-2003:228", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-228.html" + }, + { + "name": "MDKSA-2002:053", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php" + }, + { + "name": "5458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5458" + }, + { + "name": "xinetd-signal-leak-dos(9844)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9844.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1109.json b/2002/1xxx/CVE-2002-1109.json index dca68824123..00b21e652ea 100644 --- a/2002/1xxx/CVE-2002-1109.json +++ b/2002/1xxx/CVE-2002-1109.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://marc.info/?l=amavis-announce&m=103121272122242&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=amavis-announce&m=103121272122242&w=2" - }, - { - "name" : "20020905 GLSA: amavis", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103124270321404&w=2" - }, - { - "name" : "amavis-securetar-tar-dos(10056)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10056.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a 
malformed TAR file, possibly via an incorrect file size parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://marc.info/?l=amavis-announce&m=103121272122242&w=2", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=amavis-announce&m=103121272122242&w=2" + }, + { + "name": "amavis-securetar-tar-dos(10056)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10056.php" + }, + { + "name": "20020905 GLSA: amavis", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103124270321404&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1577.json b/2002/1xxx/CVE-2002-1577.json index 0bfeaabbc27..c5710cf417e 100644 --- a/2002/1xxx/CVE-2002-1577.json +++ b/2002/1xxx/CVE-2002-1577.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020825 SAP R/3 default password vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103038238228119&w=2" - }, - { - "name" : "sap-r3-default-account(9964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sap-r3-default-account(9964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9964" + }, + { + "name": "20020825 SAP R/3 default password vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103038238228119&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0161.json b/2003/0xxx/CVE-2003-0161.json index 202cde8b481..372f9af2a93 100644 --- a/2003/0xxx/CVE-2003-0161.json +++ b/2003/0xxx/CVE-2003-0161.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030329 Sendmail: -1 gone wild", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104897487512238&w=2" - }, - { - "name" : "20030520 [Fwd: 127 Research and Development: 127 Day!]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/321997" - }, - { - "name" : "20030331 GLSA: sendmail (200303-27)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316961/30/25250/threaded" - }, - { - "name" : 
"20030401 Immunix Secured OS 7+ openssl update", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/317135/30/25220/threaded" - }, - { - "name" : "20030329 Sendmail: -1 gone wild", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html" - }, - { - "name" : "20030329 sendmail 8.12.9 available", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104896621106790&w=2" - }, - { - "name" : "GLSA-200303-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml" - }, - { - "name" : "IMNX-2003-7+-002-01", - "refsource" : "IMMUNIX", - "url" : "http://www.securityfocus.com/archive/1/317135/30/25220/threaded" - }, - { - "name" : "52620", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1" - }, - { - "name" : "52700", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1" - }, - { - "name" : "1001088", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1" - }, - { - "name" : "CA-2003-12", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-12.html" - }, - { - "name" : "VU#897604", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/897604" - }, - { - "name" : "FreeBSD-SA-03:07", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc" - }, - { - "name" : "RHSA-2003:120", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-120.html" - }, - { - "name" : "RHSA-2003:121", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-121.html" - }, - { - "name" : "SCOSA-2004.11", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt" - }, - { - "name" : "20030401-01-P", - "refsource" 
: "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P" - }, - { - "name" : "CSSA-2003-016.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt" - }, - { - "name" : "DSA-278", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-278" - }, - { - "name" : "DSA-290", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-290" - }, - { - "name" : "CLA-2003:614", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614" - }, - { - "name" : "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104914999806315&w=2" - }, - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html" - }, - { - "name" : "7230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1001088", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1" + }, + { + "name": "52620", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1" + }, + { + "name": "20030401-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P" + }, + { + "name": "7230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7230" + }, + { + "name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104914999806315&w=2" + }, + { + "name": "RHSA-2003:120", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-120.html" + }, + { + "name": "20030401 Immunix Secured OS 7+ openssl update", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded" + }, + { + "name": "DSA-278", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-278" + }, + { + "name": "DSA-290", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-290" + }, + { + "name": "IMNX-2003-7+-002-01", + "refsource": "IMMUNIX", + "url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded" + }, + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html" + }, + { + "name": "52700", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1" + }, + { + "name": "CA-2003-12", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-12.html" + }, + { + "name": "CSSA-2003-016.0", + "refsource": 
"CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt" + }, + { + "name": "20030331 GLSA: sendmail (200303-27)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded" + }, + { + "name": "RHSA-2003:121", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-121.html" + }, + { + "name": "CLA-2003:614", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614" + }, + { + "name": "SCOSA-2004.11", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt" + }, + { + "name": "GLSA-200303-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml" + }, + { + "name": "20030329 Sendmail: -1 gone wild", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html" + }, + { + "name": "20030329 Sendmail: -1 gone wild", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104897487512238&w=2" + }, + { + "name": "FreeBSD-SA-03:07", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc" + }, + { + "name": "20030520 [Fwd: 127 Research and Development: 127 Day!]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/321997" + }, + { + "name": "20030329 sendmail 8.12.9 available", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104896621106790&w=2" + }, + { + "name": "VU#897604", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/897604" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0300.json b/2003/0xxx/CVE-2003-0300.json index 1e1a48d0e33..39038197be1 100644 --- a/2003/0xxx/CVE-2003-0300.json +++ b/2003/0xxx/CVE-2003-0300.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030514 Buffer overflows in multiple IMAP clients", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030514 Buffer overflows in multiple IMAP clients", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105294024124163&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0460.json b/2003/0xxx/CVE-2003-0460.json index 769d8e31c84..2663dfef813 100644 --- a/2003/0xxx/CVE-2003-0460.json +++ b/2003/0xxx/CVE-2003-0460.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.apache.org/dist/httpd/Announcement.html", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/httpd/Announcement.html" - }, - { - "name" : "VU#694428", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/694428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.apache.org/dist/httpd/Announcement.html", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/httpd/Announcement.html" + }, + { + "name": "VU#694428", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/694428" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0468.json b/2003/0xxx/CVE-2003-0468.json index 5d72366af71..0bbc65321c8 100644 --- a/2003/0xxx/CVE-2003-0468.json +++ b/2003/0xxx/CVE-2003-0468.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct \"bounce scans\" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a \"!\" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106001525130257&w=2" - }, - { - "name" : "RHSA-2003:251", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-251.html" - }, - { - "name" : "DSA-363", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-363" - }, - { - "name" : "MDKSA-2003:081", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081" - }, - { - "name" : "SuSE-SA:2003:033", 
- "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_033_postfix.html" - }, - { - "name" : "CLA-2003:717", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717" - }, - { - "name" : "8333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8333" - }, - { - "name" : "oval:org.mitre.oval:def:522", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522" - }, - { - "name" : "9433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct \"bounce scans\" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a \"!\" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2003:717", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717" + }, + { + "name": "8333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8333" + }, + { + "name": "MDKSA-2003:081", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081" + }, + { + "name": "RHSA-2003:251", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-251.html" + }, + { + "name": "DSA-363", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-363" + }, + { + "name": "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106001525130257&w=2" + }, + { + "name": "SuSE-SA:2003:033", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_033_postfix.html" + }, + { + "name": "9433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9433" + }, + { + "name": "oval:org.mitre.oval:def:522", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0442.json b/2012/0xxx/CVE-2012-0442.json index 08f7e27fcbc..65a9577fe23 100644 --- a/2012/0xxx/CVE-2012-0442.json +++ b/2012/0xxx/CVE-2012-0442.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=693399", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=693399" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=705347", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=705347" - }, - { - "name" : "DSA-2400", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2400" - }, - { - "name" : "DSA-2402", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2402" - }, - { - "name" : "DSA-2406", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2406" - }, - { - "name" : "MDVSA-2012:013", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" - }, - { - "name" : "SUSE-SU-2012:0198", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html" - }, - { - "name" : "SUSE-SU-2012:0221", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html" - }, - { - "name" : "openSUSE-SU-2012:0234", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" - }, - { - "name" : "oval:org.mitre.oval:def:14678", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=705347", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=705347" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=693399", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=693399" + }, + { + "name": "DSA-2402", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2402" + }, + { + "name": "DSA-2400", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2400" + }, + { + "name": "SUSE-SU-2012:0198", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html" + }, + { + "name": "MDVSA-2012:013", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" + }, + { + "name": "DSA-2406", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2406" + }, + { + "name": "SUSE-SU-2012:0221", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html" + }, + { + "name": "oval:org.mitre.oval:def:14678", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14678" + }, + { + "name": "openSUSE-SU-2012:0234", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0742.json b/2012/0xxx/CVE-2012-0742.json index db44b33696b..9fd1dd04b0f 100644 --- a/2012/0xxx/CVE-2012-0742.json 
+++ b/2012/0xxx/CVE-2012-0742.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "OA38586", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1OA38586" - }, - { - "name" : "tep-aopsclog-info-disclosure(74641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tep-aopsclog-info-disclosure(74641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74641" + }, + { + "name": "OA38586", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1OA38586" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0753.json b/2012/0xxx/CVE-2012-0753.json index 0518372e44a..edff57b87b9 100644 --- a/2012/0xxx/CVE-2012-0753.json +++ b/2012/0xxx/CVE-2012-0753.json 
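Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@us.ibm.com` in this hunk for CVE-2012-0742, which is otherwise only colon-spacing, re-indentation and a reordering of the two `reference_data` entries, so the one semantic change is easy to miss in review. Any consumer that attributes or filters records by assigner will see this record's provenance change, while `vendor_name` and `product_name` remain `n/a`. The same pattern appears in the hunks for CVE-2012-0753 and CVE-2012-0775 (`psirt@adobe.com`) and for CVE-2012-0808 and CVE-2012-1116 (`secalert@redhat.com`). I would land the assigner updates separately from the formatting pass, or name them in the commit message if it does not already, and keep the reference order stable so that a re-serialisation diff shows only real data changes.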
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-03.html" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "RHSA-2012:0144", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0144.html" - }, - { - "name" : "openSUSE-SU-2012:0265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html" - }, - { - "name" : 
"oval:org.mitre.oval:def:14795", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14795" - }, - { - "name" : "oval:org.mitre.oval:def:15601", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15601" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - }, - { - "name" : "48265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html" + }, + { + "name": "oval:org.mitre.oval:def:14795", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14795" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "48265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48265" + }, + { + "name": "oval:org.mitre.oval:def:15601", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15601" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-03.html" + }, + { + "name": "RHSA-2012:0144", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0144.html" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0775.json b/2012/0xxx/CVE-2012-0775.json index 3898f8774c0..7dd0bf6fdaa 100644 --- a/2012/0xxx/CVE-2012-0775.json +++ b/2012/0xxx/CVE-2012-0775.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html" - }, - { - "name" : "RHSA-2012:0469", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0469.html" - }, - { - "name" : "SUSE-SU-2012:0522", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0524", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:0512", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" - }, - { - "name" : "TA12-101B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" - }, - { - "name" : "52949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52949" - }, - { - "name" : "oval:org.mitre.oval:def:15477", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15477" - }, - { - "name" : "1026908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026908" - }, - { - "name" : "48756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48756" - }, - { - "name" : "48846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48846" - }, - { - "name" : "adobe-reader-javascript-code-exec(74733)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74733" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:0469", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" + }, + { + "name": "48756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48756" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" + }, + { + "name": "SUSE-SU-2012:0524", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" + }, + { + "name": "52949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52949" + }, + { + "name": "48846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48846" + }, + { + "name": "TA12-101B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" + }, + { + "name": "SUSE-SU-2012:0522", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" + }, + { + "name": "openSUSE-SU-2012:0512", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" + }, + { + "name": "1026908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026908" + }, + { + "name": "oval:org.mitre.oval:def:15477", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15477" + }, + { + "name": "adobe-reader-javascript-code-exec(74733)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74733" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0808.json b/2012/0xxx/CVE-2012-0808.json index ef8ad2f6b3f..3ff4e5601b6 100644 --- a/2012/0xxx/CVE-2012-0808.json 
+++ b/2012/0xxx/CVE-2012-0808.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120124 CVE requests: Suhosin extension / as31", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/24/7" - }, - { - "name" : "[oss-security] 20120124 Re: CVE requests: Suhosin extension / as31", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/24/11" - }, - { - "name" : "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/05/1" - }, - { - "name" : "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/06/3" - }, - { - 
"name" : "[oss-security] 20120831 Re: Three CVE requests: at-spi2-atk, as31, naxsi", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/9" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1" + }, + { + "name": "[oss-security] 20120124 Re: CVE requests: Suhosin extension / as31", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/24/11" + }, + { + "name": "[oss-security] 20120124 CVE requests: Suhosin extension / as31", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/24/7" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496" + }, + { + "name": "[oss-security] 20120831 Re: Three CVE requests: at-spi2-atk, as31, naxsi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/9" + }, + { + "name": "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3" + } + ] + } +} \ No newline at 
end of file diff --git a/2012/1xxx/CVE-2012-1066.json b/2012/1xxx/CVE-2012-1066.json index 2b1d21db885..3f65a72ffca 100644 --- a/2012/1xxx/CVE-2012-1066.json +++ b/2012/1xxx/CVE-2012-1066.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt", - "refsource" : "MISC", - "url" : "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt" - }, - { - "name" : "51805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51805" - }, - { - "name" : "smartycms-template-xss(72918)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72918" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51805" + }, + { + "name": "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt", + "refsource": "MISC", + "url": "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt" + }, + { + "name": "smartycms-template-xss(72918)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72918" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1116.json b/2012/1xxx/CVE-2012-1116.json index 6167e72c261..d9a2cdcc170 100644 --- a/2012/1xxx/CVE-2012-1116.json +++ b/2012/1xxx/CVE-2012-1116.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120306 CVE-request: Joomla! Security News 2012-03", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/5" - }, - { - "name" : "[oss-security] 20120306 Re: CVE-request: Joomla! 
Security News 2012-03", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/12" - }, - { - "name" : "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html" - }, - { - "name" : "52312", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52312" - }, - { - "name" : "79837", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79837" - }, - { - "name" : "48005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48005" - }, - { - "name" : "joomla-unspecified-param-sql-injection(73699)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73699" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html" + }, + { + "name": "joomla-unspecified-param-sql-injection(73699)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73699" + }, + { + "name": "48005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48005" + }, + { + "name": "[oss-security] 20120306 CVE-request: Joomla! 
Security News 2012-03", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/5" + }, + { + "name": "[oss-security] 20120306 Re: CVE-request: Joomla! Security News 2012-03", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/12" + }, + { + "name": "79837", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79837" + }, + { + "name": "52312", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52312" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1571.json b/2012/1xxx/CVE-2012-1571.json index d6003749590..6862527cbba 100644 --- a/2012/1xxx/CVE-2012-1571.json +++ b/2012/1xxx/CVE-2012-1571.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[file] 20120221 file-5.11 is now available", - "refsource" : "MLIST", - "url" : "http://mx.gw.com/pipermail/file/2012/000914.html" - }, - { - "name" : "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295", - "refsource" : "CONFIRM", - "url" : "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" - }, - { - "name" : "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b", - "refsource" : "CONFIRM", - "url" : "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" - }, - { - "name" : "DSA-2422", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2422" - }, - { - "name" 
: "MDVSA-2012:035", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" - }, - { - "name" : "USN-2123-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2123-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2422", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2422" + }, + { + "name": "MDVSA-2012:035", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" + }, + { + "name": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b", + "refsource": "CONFIRM", + "url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" + }, + { + "name": "[file] 20120221 file-5.11 is now available", + "refsource": "MLIST", + "url": "http://mx.gw.com/pipermail/file/2012/000914.html" + }, + { + "name": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295", + "refsource": "CONFIRM", + "url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" + }, + { + "name": "USN-2123-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2123-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1769.json b/2012/1xxx/CVE-2012-1769.json index 9f1cd2aec42..c59045335c3 100644 --- a/2012/1xxx/CVE-2012-1769.json +++ b/2012/1xxx/CVE-2012-1769.json 
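Review bot: The `ASSIGNER` value in the CVE-2012-1571 hunk changes from `cve@mitre.org` to `secalert@redhat.com` inside what is otherwise a whitespace and ordering rewrite of the whole record, so a provenance change is easy to miss in review. The same happens in the hunks for CVE-2012-1769 and CVE-2012-3189 (`secalert_us@oracle.com`), CVE-2012-3725 and CVE-2012-3738 (`product-security@apple.com`) and CVE-2012-4006 (`vultures@jpcert.or.jp`). Anything that filters or attributes records by assigner will presumably see different results after this commit, so the reassignment would be better carried in its own commit, separate from the `" : "` to `": "` reformat and the `reference_data` reshuffle, which follows no sort order I can see. The new side also ends with `\ No newline at end of file`; keeping the trailing newline after the closing `}` would likely avoid a spurious last-line change the next time a tool rewrites the file.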
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" - }, - { - "name" : 
"http://technet.microsoft.com/security/advisory/2737111", - "refsource" : "CONFIRM", - "url" : "http://technet.microsoft.com/security/advisory/2737111" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MS12-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" - }, - { - "name" : "MS12-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" - }, - { - "name" : "VU#118913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/118913" - }, - { - "name" : "54500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54500" - }, - { - "name" : "oval:org.mitre.oval:def:15721", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15721" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "outsideintechnology-ofilter-dos(77002)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and 
CVE-2012-3110." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54500" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "VU#118913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/118913" + }, + { + "name": "MS12-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MS12-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" + }, + { + "name": "oval:org.mitre.oval:def:15721", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15721" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "http://technet.microsoft.com/security/advisory/2737111", + "refsource": "CONFIRM", + "url": "http://technet.microsoft.com/security/advisory/2737111" + }, + { + "name": "outsideintechnology-ofilter-dos(77002)", + "refsource": 
"XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77002" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3189.json b/2012/3xxx/CVE-2012-3189.json index efd32e7d38e..2eb55a3603a 100644 --- a/2012/3xxx/CVE-2012-3189.json +++ b/2012/3xxx/CVE-2012-3189.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3725.json b/2012/3xxx/CVE-2012-3725.json index 9e0014ac053..980fccd40b0 100644 --- a/2012/3xxx/CVE-2012-3725.json +++ b/2012/3xxx/CVE-2012-3725.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "apple-ios-dhcp-cve20123725(78720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "apple-ios-dhcp-cve20123725(78720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78720" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3738.json b/2012/3xxx/CVE-2012-3738.json index 7f2d4148d3d..dabc6eecb16 100644 --- a/2012/3xxx/CVE-2012-3738.json +++ b/2012/3xxx/CVE-2012-3738.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "85620", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "85620", + "refsource": "OSVDB", + "url": "http://osvdb.org/85620" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3922.json b/2012/3xxx/CVE-2012-3922.json index 16e2f66f341..c412df68857 100644 --- a/2012/3xxx/CVE-2012-3922.json +++ b/2012/3xxx/CVE-2012-3922.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3922", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3922", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4006.json b/2012/4xxx/CVE-2012-4006.json index ab01f4856fc..56fb46e06a2 100644 --- a/2012/4xxx/CVE-2012-4006.json +++ b/2012/4xxx/CVE-2012-4006.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#99192898", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN99192898/index.html" - }, - { - "name" : "JVNDB-2012-000077", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000077", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000077" + }, + { + "name": "JVN#99192898", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN99192898/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4236.json b/2012/4xxx/CVE-2012-4236.json index 6921ce215e2..6d1f0be86c4 100644 
--- a/2012/4xxx/CVE-2012-4236.json +++ b/2012/4xxx/CVE-2012-4236.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120813 Total Shop UK eCommerce Generic Cross-Site Scripting", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/13/7" - }, - { - "name" : "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html", - "refsource" : "MISC", - "url" : "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html" - }, - { - "name" : "54985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54985" - }, - { - "name" : "50238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html", + "refsource": "MISC", + "url": "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html" + }, + { + "name": "[oss-security] 20120813 Total Shop UK eCommerce Generic Cross-Site Scripting", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/13/7" + }, + { + "name": "54985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54985" + }, + { + "name": "50238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50238" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4249.json b/2012/4xxx/CVE-2012-4249.json index 1dedf31b478..90a4192de8d 100644 --- a/2012/4xxx/CVE-2012-4249.json +++ b/2012/4xxx/CVE-2012-4249.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368", - "refsource" : "MISC", - "url" : "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MORO-8WKGBN", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MORO-8WKGBN" - }, - { - "name" : "VU#122656", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/122656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368", + "refsource": "MISC", + "url": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368" + }, + { + "name": "VU#122656", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/122656" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4367.json b/2012/4xxx/CVE-2012-4367.json index 035d26df3fd..d37b17133c3 100644 --- a/2012/4xxx/CVE-2012-4367.json +++ b/2012/4xxx/CVE-2012-4367.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4367", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4367", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4854.json b/2012/4xxx/CVE-2012-4854.json index cd78125b121..aee657db545 100644 --- a/2012/4xxx/CVE-2012-4854.json +++ b/2012/4xxx/CVE-2012-4854.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4854", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4854", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4973.json b/2012/4xxx/CVE-2012-4973.json index 682453248ea..6e9f35f5956 100644 --- a/2012/4xxx/CVE-2012-4973.json +++ b/2012/4xxx/CVE-2012-4973.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-4973",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-4973",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1002xxx/CVE-2017-1002019.json b/2017/1002xxx/CVE-2017-1002019.json
index 90ffda0cf9d..72f8f36ee29 100644
--- a/2017/1002xxx/CVE-2017-1002019.json
+++ b/2017/1002xxx/CVE-2017-1002019.json
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-21", - "ID" : "CVE-2017-1002019", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "eventr", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "1.02.2" - } - ] - } - } - ] - }, - "vendor_name" : "Binny V A" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2017-05-21", + "ID": "CVE-2017-1002019", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "eventr", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.02.2" + } + ] + } + } + ] + }, + "vendor_name": "Binny V A" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=192", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=192" - }, - { - "name" : "https://wordpress.org/plugins/eventr/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/eventr/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/eventr/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/eventr/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=192", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=192" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2049.json b/2017/2xxx/CVE-2017-2049.json index c6d57cd096b..435ae4aec0d 100644 --- a/2017/2xxx/CVE-2017-2049.json +++ b/2017/2xxx/CVE-2017-2049.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2049", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2049", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2063.json b/2017/2xxx/CVE-2017-2063.json index 6c40e982fcb..62d5cd79f8e 100644 --- a/2017/2xxx/CVE-2017-2063.json +++ b/2017/2xxx/CVE-2017-2063.json 
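Review bot: The new `"ASSIGNER": "larry0@me.com"` in CVE-2017-1002019.json replaces `cve-assign@distributedweaknessfiling.org` inside a hunk that is otherwise only whitespace normalization and a reordering of the two references, so a provenance change is buried in formatting noise. ASSIGNER is the field consumers use to attribute a record to its assigning organization, and here it moves to what looks like an individual mailbox while `REQUESTER` and `UPDATED` stay as they were. If this is unintended, keep `"ASSIGNER": "cve-assign@distributedweaknessfiling.org",`; if it is intended, it would be easier to audit as its own commit with the reason stated, and `UPDATED` should probably change with it.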
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-2063",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-2063",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2227.json b/2017/2xxx/CVE-2017-2227.json
index e80b54025e9..b6ef52c0214 100644
--- a/2017/2xxx/CVE-2017-2227.json
+++ b/2017/2xxx/CVE-2017-2227.json
@@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "The installer of Charamin OMP", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1.1.7.4 and earlier" - }, - { - "version_value" : "Version 1.2.0.0 Beta and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Charamin steering committee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The installer of Charamin OMP", + "version": { + "version_data": [ + { + "version_value": "Version 1.1.7.4 and earlier" + }, + { + "version_value": "Version 1.2.0.0 Beta and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Charamin steering committee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#09293613", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN09293613/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta 
and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#09293613", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN09293613/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2492.json b/2017/2xxx/CVE-2017-2492.json index 496d73b8950..b6110faeead 100644 --- a/2017/2xxx/CVE-2017-2492.json +++ b/2017/2xxx/CVE-2017-2492.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"JavaScriptCore\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in 
certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"JavaScriptCore\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2574.json b/2017/2xxx/CVE-2017-2574.json index 4873b5478ac..1ce2f1302a8 100644 --- a/2017/2xxx/CVE-2017-2574.json +++ b/2017/2xxx/CVE-2017-2574.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-2574",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-2574",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3732.json b/2017/3xxx/CVE-2017-3732.json
index a526eb938eb..ac1bcfbfcd3 100644
--- a/2017/3xxx/CVE-2017-3732.json
+++ b/2017/3xxx/CVE-2017-3732.json
@@ -1,199 +1,199 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "openssl-security@openssl.org", - "DATE_PUBLIC" : "2017-01-26", - "ID" : "CVE-2017-3732", - "STATE" : "PUBLIC", - "TITLE" : "BN_mod_exp may produce incorrect results on x86_64" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenSSL", - "version" : { - "version_data" : [ - { - "version_value" : "openssl-1.1.0" - }, - { - "version_value" : "openssl-1.1.0a" - }, - { - "version_value" : "openssl-1.1.0b" - }, - { - "version_value" : "openssl-1.1.0c" - }, - { - "version_value" : "openssl-1.0.2" - }, - { - "version_value" : "openssl-1.0.2a" - }, - { - "version_value" : "openssl-1.0.2b" - }, - { - "version_value" : "openssl-1.0.2c" - }, - { - "version_value" : "openssl-1.0.2d" - }, - { - "version_value" : "openssl-1.0.2e" - }, - { - "version_value" : "openssl-1.0.2f" - }, - { - "version_value" : "openssl-1.0.2g" - }, - { - "version_value" : "openssl-1.0.2h" - }, - { - "version_value" : "openssl-1.0.2i" - }, - { - "version_value" : "openssl-1.0.2j" - } - ] - } - } - ] - }, - "vendor_name" : "OpenSSL" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "OSS-Fuzz project" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. 
The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem." - } - ] - }, - "impact" : [ - { - "lang" : "eng", - "url" : "https://www.openssl.org/policies/secpolicy.html#Moderate", - "value" : "Moderate" - } - ], - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "carry-propagating bug" - } + "CVE_data_meta": { + "ASSIGNER": "openssl-security@openssl.org", + "DATE_PUBLIC": "2017-01-26", + "ID": "CVE-2017-3732", + "STATE": "PUBLIC", + "TITLE": "BN_mod_exp may produce incorrect results on x86_64" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenSSL", + "version": { + "version_data": [ + { + "version_value": "openssl-1.1.0" + }, + { + "version_value": "openssl-1.1.0a" + }, + { + "version_value": "openssl-1.1.0b" + }, + { + "version_value": "openssl-1.1.0c" + }, + { + "version_value": "openssl-1.0.2" + }, + { + "version_value": "openssl-1.0.2a" + }, + { + "version_value": "openssl-1.0.2b" + }, + { + "version_value": "openssl-1.0.2c" + }, + { + "version_value": "openssl-1.0.2d" + }, + { + "version_value": "openssl-1.0.2e" + }, + { + "version_value": "openssl-1.0.2f" + }, + { + "version_value": "openssl-1.0.2g" + }, + { + "version_value": "openssl-1.0.2h" + }, + { + "version_value": "openssl-1.0.2i" + }, + { + "version_value": "openssl-1.0.2j" + } + ] + } + } + ] + }, + "vendor_name": "OpenSSL" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : 
"https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", - "refsource" : "MISC", - "url" : "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b" - }, - { - "name" : "https://www.openssl.org/news/secadv/20170126.txt", - "refsource" : "CONFIRM", - "url" : "https://www.openssl.org/news/secadv/20170126.txt" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://www.tenable.com/security/tns-2017-04", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-04" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us" - }, - { - "name" : "FreeBSD-SA-17:02", - "refsource" : "FREEBSD", - "url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc" - }, - { - "name" : "GLSA-201702-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-07" - }, - { - "name" : "RHSA-2018:2185", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2185" - }, - { - "name" : "RHSA-2018:2186", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2186" - }, - { - "name" : "RHSA-2018:2187", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2187" - }, - { - "name" : "RHSA-2018:2568", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2568" - }, - { - "name" : "RHSA-2018:2575", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2575" - }, - { - "name" : "RHSA-2018:2713", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2713" - }, - { - "name" : "95814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95814" - }, - { - "name" : "1037717", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037717" - } - ] - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "OSS-Fuzz project" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem." 
+ } + ] + }, + "impact": [ + { + "lang": "eng", + "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", + "value": "Moderate" + } + ], + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "carry-propagating bug" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2185", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2185" + }, + { + "name": "RHSA-2018:2186", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2186" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "RHSA-2018:2713", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2713" + }, + { + "name": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", + "refsource": "MISC", + "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b" + }, + { + "name": "FreeBSD-SA-17:02", + "refsource": "FREEBSD", + "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc" + }, + { + "name": "https://www.openssl.org/news/secadv/20170126.txt", + "refsource": "CONFIRM", + "url": "https://www.openssl.org/news/secadv/20170126.txt" + }, + { + "name": "1037717", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037717" + }, + { + "name": "RHSA-2018:2575", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2575" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "https://www.tenable.com/security/tns-2017-04", + "refsource": "CONFIRM", + "url": 
"https://www.tenable.com/security/tns-2017-04" + }, + { + "name": "GLSA-201702-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-07" + }, + { + "name": "RHSA-2018:2568", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2568" + }, + { + "name": "95814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95814" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us" + }, + { + "name": "RHSA-2018:2187", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2187" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6150.json b/2017/6xxx/CVE-2017-6150.json index 2fc5b625d01..e4404c7fd0d 100644 --- a/2017/6xxx/CVE-2017-6150.json +++ b/2017/6xxx/CVE-2017-6150.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-02-28T00:00:00", - "ID" : "CVE-2017-6150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.1.0 - 12.1.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-02-28T00:00:00", + "ID": "CVE-2017-6150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.1.0 - 12.1.3.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K62712037", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K62712037" - }, - { - "name" : "103235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103235" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103235" + }, + { + "name": "https://support.f5.com/csp/article/K62712037", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K62712037" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6178.json b/2017/6xxx/CVE-2017-6178.json index 2cf88b46f19..474fff7395b 100644 --- a/2017/6xxx/CVE-2017-6178.json +++ b/2017/6xxx/CVE-2017-6178.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41542", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41542/" - }, - { - "name" : "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html" - }, - { - "name" : "97026", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html" + }, + { + "name": "41542", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41542/" + }, + { + "name": "97026", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97026" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6622.json b/2017/6xxx/CVE-2017-6622.json index d50972e11ff..41e27da0dd0 100644 --- a/2017/6xxx/CVE-2017-6622.json +++ b/2017/6xxx/CVE-2017-6622.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Collaboration Provisioning", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Collaboration Provisioning" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Collaboration Provisioning", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Collaboration Provisioning" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42888", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42888/" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1" - }, - { - "name" : "98520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98520" - }, - { - "name" : "1038507", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038507" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038507", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038507" + }, + { + "name": "98520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98520" + }, + { + "name": "42888", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42888/" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6896.json b/2017/6xxx/CVE-2017-6896.json index 14ee4b61e07..52b734497c8 100644 --- a/2017/6xxx/CVE-2017-6896.json +++ b/2017/6xxx/CVE-2017-6896.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41633", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41633/" - }, - { - "name" : "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing", - "refsource" : "MISC", - "url" : "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing" - }, - { - "name" : "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion", - "refsource" : "MISC", - "url" : "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Mar/52", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Mar/52" - }, - { - "name" : 
"https://packetstormsecurity.com/files/141693/digisol-escalate.txt", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/141693/digisol-escalate.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing", + "refsource": "MISC", + "url": "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Mar/52", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Mar/52" + }, + { + "name": "https://packetstormsecurity.com/files/141693/digisol-escalate.txt", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/141693/digisol-escalate.txt" + }, + { + "name": "41633", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41633/" + }, + { + "name": "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion", + "refsource": "MISC", + "url": "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6909.json b/2017/6xxx/CVE-2017-6909.json index 0919d4cdd79..3a287294abf 100644 --- a/2017/6xxx/CVE-2017-6909.json +++ b/2017/6xxx/CVE-2017-6909.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the \"shimmie2-master/ext/chatbox/history/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/shish/shimmie2/issues/597", - "refsource" : "CONFIRM", - "url" : "https://github.com/shish/shimmie2/issues/597" - }, - { - "name" : "96932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the \"shimmie2-master/ext/chatbox/history/index.php\" URL. 
An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/shish/shimmie2/issues/597", + "refsource": "CONFIRM", + "url": "https://github.com/shish/shimmie2/issues/597" + }, + { + "name": "96932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96932" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7266.json b/2017/7xxx/CVE-2017-7266.json index af5ddd993d8..2b8b665e7d9 100644 --- a/2017/7xxx/CVE-2017-7266.json +++ b/2017/7xxx/CVE-2017-7266.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the \"next\" parameter which then redirects to any domain irrespective of the Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466", - "refsource" : "CONFIRM", - "url" : "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466" - }, - { - "name" : "https://github.com/Netflix/security_monkey/pull/482", - "refsource" : "CONFIRM", - "url" : "https://github.com/Netflix/security_monkey/pull/482" - }, - { - "name" : "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0" - }, - { - "name" : "97088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the \"next\" parameter which then redirects to any domain irrespective of the Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0", + "refsource": "CONFIRM", + "url": "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0" + }, + { + "name": "97088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97088" + }, + { + "name": "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466", + "refsource": "CONFIRM", + "url": "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466" + }, + { + "name": "https://github.com/Netflix/security_monkey/pull/482", + "refsource": "CONFIRM", + "url": "https://github.com/Netflix/security_monkey/pull/482" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7500.json b/2017/7xxx/CVE-2017-7500.json index b1c9101c5fa..107ebdda872 100644 --- a/2017/7xxx/CVE-2017-7500.json +++ b/2017/7xxx/CVE-2017-7500.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-7500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rpm", - "version" : { - "version_data" : [ - { - "version_value" : "4.13.0.2" - }, - { - "version_value" : "4.14.0" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-59" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rpm", + "version": { + "version_data": [ + { + "version_value": "4.13.0.2" + }, + { + "version_value": "4.14.0" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500" - }, - { - "name" : "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", - "refsource" : "CONFIRM", - "url" : "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9" - }, - { - "name" : "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79", - "refsource" : "CONFIRM", - "url" : "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-59" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", + "refsource": "CONFIRM", + "url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9" + }, + { + "name": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79", + "refsource": "CONFIRM", + "url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7585.json b/2017/7xxx/CVE-2017-7585.json index a820a50b3b0..0abd3739309 100644 --- a/2017/7xxx/CVE-2017-7585.json +++ b/2017/7xxx/CVE-2017-7585.json 
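Review bot: The `vectorString` on the new side of CVE-2017-7500.json still reads `7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`, with the base score in front of the vector, so a consumer that expects the string to begin with `CVSS:3.0/` will likely reject it or lose the score. Since this commit already rewrites the record, the score could move to its own field: `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"` next to `"baseScore": 7.3`. The same value appears in the `impact` block of CVE-2018-10877.json further down. Separately, the `ASSIGNER` change from `lpardo@redhat.com` to `secalert@redhat.com` is the only value change in this hunk and is easy to miss among the whitespace and reference-order churn.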
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" - }, - { - "name" : "http://www.mega-nerd.com/libsndfile/#History", - "refsource" : "CONFIRM", - "url" : "http://www.mega-nerd.com/libsndfile/#History" - }, - { - "name" : "http://www.mega-nerd.com/libsndfile/NEWS", - "refsource" : "CONFIRM", - "url" : "http://www.mega-nerd.com/libsndfile/NEWS" - }, - { - "name" : "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0", - "refsource" : "CONFIRM", - "url" : "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" - }, - { - "name" : "GLSA-201707-04", - 
"refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mega-nerd.com/libsndfile/#History", + "refsource": "CONFIRM", + "url": "http://www.mega-nerd.com/libsndfile/#History" + }, + { + "name": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0", + "refsource": "CONFIRM", + "url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" + }, + { + "name": "http://www.mega-nerd.com/libsndfile/NEWS", + "refsource": "CONFIRM", + "url": "http://www.mega-nerd.com/libsndfile/NEWS" + }, + { + "name": "GLSA-201707-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-04" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7759.json b/2017/7xxx/CVE-2017-7759.json index 8fb69ba0c77..e95d073ceb8 100644 --- a/2017/7xxx/CVE-2017-7759.json +++ b/2017/7xxx/CVE-2017-7759.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local \"file:\" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Android intent URLs can cause navigation to local file system" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "99052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99052" - }, - { - "name" : 
"1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local \"file:\" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Android intent URLs can cause navigation to local file system" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "99052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99052" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7914.json b/2017/7xxx/CVE-2017-7914.json index 1f1b51e5e29..7785f593127 100644 --- a/2017/7xxx/CVE-2017-7914.json +++ b/2017/7xxx/CVE-2017-7914.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rockwell Automation PanelView Plus 6 700-1500", - "version" : { - "version_data" : [ - { - "version_value" : "Rockwell Automation PanelView Plus 6 700-1500" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-882" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation PanelView Plus 6 700-1500", + "version": { + "version_data": [ + { + "version_value": "Rockwell Automation PanelView Plus 6 700-1500" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-882" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10006.json b/2018/10xxx/CVE-2018-10006.json index c1bac18e380..1ba63ddeeb3 100644 --- a/2018/10xxx/CVE-2018-10006.json +++ b/2018/10xxx/CVE-2018-10006.json 
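Review bot: The `problemtype` value `CWE-882` on the new side of CVE-2017-7914.json does not match the description, which calls the flaw a Missing Authorization issue. The CWE entry for Missing Authorization is CWE-862, so this looks like a mistyped digit carried over unchanged from the old side. If the ICS-CERT advisory listed in `reference_data` confirms it, the line should read `"value": "CWE-862"`. Consumers that group or filter records by CWE id will otherwise file this missing-authorization flaw under an unrelated entry.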
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10195.json b/2018/10xxx/CVE-2018-10195.json index 72aa16b8515..446bacd9bd7 100644 --- a/2018/10xxx/CVE-2018-10195.json +++ b/2018/10xxx/CVE-2018-10195.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10195", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10195", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10877.json b/2018/10xxx/CVE-2018-10877.json index cac2f4c00cd..910c61d4cc5 100644 --- a/2018/10xxx/CVE-2018-10877.json +++ b/2018/10xxx/CVE-2018-10877.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "USN-3753-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-1/" - 
}, - { - "name" : "USN-3753-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "USN-3871-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-1/" - }, - { - "name" : "USN-3871-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-3/" - }, - { - "name" : "USN-3871-4", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-4/" - }, - { - "name" : "USN-3871-5", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-5/" - }, - { - "name" : "106503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877" + }, + { + "name": "USN-3753-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-2/" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "USN-3871-5", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-5/" + }, + { + "name": "USN-3871-4", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-4/" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "USN-3871-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-1/" + }, + { + "name": "106503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106503" + }, + { + "name": "USN-3753-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-1/" + }, + { + "name": "USN-3871-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-3/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14577.json b/2018/14xxx/CVE-2018-14577.json index cfd49c68fee..0e033316ca8 100644 --- a/2018/14xxx/CVE-2018-14577.json +++ b/2018/14xxx/CVE-2018-14577.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14577", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14577", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14683.json b/2018/14xxx/CVE-2018-14683.json index 1a649fabf4c..4615d895af0 100644 --- a/2018/14xxx/CVE-2018-14683.json +++ b/2018/14xxx/CVE-2018-14683.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14683", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14683", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14784.json b/2018/14xxx/CVE-2018-14784.json index aad20ab4e6f..a283588643d 100644 --- a/2018/14xxx/CVE-2018-14784.json +++ b/2018/14xxx/CVE-2018-14784.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-09T00:00:00", - "ID" : "CVE-2018-14784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.", - "version" : { - "version_data" : [ - { - "version_value" : "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-09T00:00:00", + "ID": "CVE-2018-14784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.", + "version": { + "version_data": [ + { + "version_value": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02" - }, - { - "name" : "105053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02" + }, + { + "name": "105053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105053" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15610.json b/2018/15xxx/CVE-2018-15610.json index 8058f3592f9..ea2cf42f05d 100644 --- a/2018/15xxx/CVE-2018-15610.json +++ b/2018/15xxx/CVE-2018-15610.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "securityalerts@avaya.com", - "ID" : "CVE-2018-15610", - "STATE" : "PUBLIC", - "TITLE" : "Improper access controls in IP Office one-X Portal" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IP Office", - "version" : { - "version_data" : [ - { - "version_value" : "9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2" - } - ] - } - } - ] - }, - "vendor_name" : "Avaya" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.3, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284: Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "ID": "CVE-2018-15610", + "STATE": "PUBLIC", + "TITLE": "Improper access controls in IP Office one-X Portal" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IP Office", + "version": { + "version_data": [ + { + "version_value": "9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2" + } + ] + } + } + ] + }, + 
"vendor_name": "Avaya" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downloads.avaya.com/css/P8/documents/101051984", - "refsource" : "CONFIRM", - "url" : "https://downloads.avaya.com/css/P8/documents/101051984" - } - ] - }, - "source" : { - "advisory" : "ASA-2018-256", - "discovery" : "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downloads.avaya.com/css/P8/documents/101051984", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/101051984" + } + ] + }, + "source": { + "advisory": "ASA-2018-256", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20655.json b/2018/20xxx/CVE-2018-20655.json index fc6eb507bcb..2450a19f3cd 100644 --- a/2018/20xxx/CVE-2018-20655.json +++ b/2018/20xxx/CVE-2018-20655.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20655", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20655", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20695.json b/2018/20xxx/CVE-2018-20695.json index f8e90a1d7e8..330ff5d82cb 100644 --- a/2018/20xxx/CVE-2018-20695.json +++ b/2018/20xxx/CVE-2018-20695.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20695", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20695", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9504.json b/2018/9xxx/CVE-2018-9504.json index adcb180c73a..36789937152 100644 --- a/2018/9xxx/CVE-2018-9504.json +++ b/2018/9xxx/CVE-2018-9504.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-9504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-9504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2", - "refsource" : "MISC", - "url" : "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-10-01,", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-10-01," - }, - { - "name" : "105482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105482" + }, + { + "name": "https://source.android.com/security/bulletin/2018-10-01,", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-10-01," + }, + { + "name": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2", + "refsource": "MISC", + "url": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2" + } + ] + } +} \ No newline at end of file 
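Review bot: The CONFIRM reference kept on the new side of CVE-2018-9504.json still has a stray trailing comma inside both its `name` and `url` values, so any tool that follows the link verbatim requests a path ending in `,` that probably does not resolve to the bulletin. Since the record is being rewritten anyway, both fields should read `"https://source.android.com/security/bulletin/2018-10-01"`. This hunk also changes `ASSIGNER` from `security@google.com` to `security@android.com` and reorders `reference_data`, while the other hunks shown appear to change whitespace only. That data change deserves a line in the commit message, so consumers that key on the assigner do not miss it. The new side also ends with `\ No newline at end of file`; restoring the final newline would keep later diffs of these records clean.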
diff --git a/2018/9xxx/CVE-2018-9600.json b/2018/9xxx/CVE-2018-9600.json index b0ed96653ce..8363b0fd2c6 100644 --- a/2018/9xxx/CVE-2018-9600.json +++ b/2018/9xxx/CVE-2018-9600.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9600", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9600", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9625.json b/2018/9xxx/CVE-2018-9625.json index 359d4bbc6e5..eeaa2aadd11 100644 --- a/2018/9xxx/CVE-2018-9625.json +++ b/2018/9xxx/CVE-2018-9625.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9625", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9625", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9685.json b/2018/9xxx/CVE-2018-9685.json index 0807767bcf4..edd961b90ff 100644 --- a/2018/9xxx/CVE-2018-9685.json +++ b/2018/9xxx/CVE-2018-9685.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9685", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9685", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9731.json b/2018/9xxx/CVE-2018-9731.json index f13fd1aa604..7e6a38020e2 100644 --- a/2018/9xxx/CVE-2018-9731.json +++ b/2018/9xxx/CVE-2018-9731.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9731", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9731", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file