From 299657505589f0985748826c62d57a7ae16ef496 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 03:40:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/1xxx/CVE-2002-1063.json | 140 ++++++++---------
 2002/1xxx/CVE-2002-1398.json | 210 ++++++++++++-------------
 2002/1xxx/CVE-2002-1439.json | 140 ++++++++---------
 2002/1xxx/CVE-2002-1543.json | 150 +++++++++---------
 2003/0xxx/CVE-2003-0150.json | 250 ++++++++++++++---------------
 2003/0xxx/CVE-2003-0160.json | 140 ++++++++---------
 2003/0xxx/CVE-2003-0349.json | 180 ++++++++++-----------
 2003/0xxx/CVE-2003-0915.json | 34 ++--
 2003/1xxx/CVE-2003-1236.json | 190 +++++++++++------------
 2003/1xxx/CVE-2003-1466.json | 150 +++++++++---------
 2004/2xxx/CVE-2004-2204.json | 170 ++++++++++----------
 2004/2xxx/CVE-2004-2373.json | 140 ++++++++---------
 2004/2xxx/CVE-2004-2374.json | 140 ++++++++---------
 2012/0xxx/CVE-2012-0030.json | 170 ++++++++++----------
 2012/0xxx/CVE-2012-0445.json | 200 ++++++++++++------------
 2012/0xxx/CVE-2012-0537.json | 160 +++++++++----------
 2012/0xxx/CVE-2012-0593.json | 220 +++++++++++++-------------
 2012/1xxx/CVE-2012-1410.json | 190 +++++++++++------------
 2012/1xxx/CVE-2012-1479.json | 130 ++++++++--------
 2012/1xxx/CVE-2012-1986.json | 270 ++++++++++++++++----------------
 2012/4xxx/CVE-2012-4393.json | 160 +++++++++----------
 2012/4xxx/CVE-2012-4874.json | 150 +++++++++---------
 2012/5xxx/CVE-2012-5301.json | 130 ++++++++--------
 2012/5xxx/CVE-2012-5533.json | 270 ++++++++++++++++----------------
 2012/5xxx/CVE-2012-5645.json | 34 ++--
 2012/5xxx/CVE-2012-5954.json | 150 +++++++++---------
 2017/3xxx/CVE-2017-3442.json | 142 ++++++++---------
 2017/3xxx/CVE-2017-3637.json | 152 +++++++++---------
 2017/3xxx/CVE-2017-3832.json | 140 ++++++++---------
 2017/3xxx/CVE-2017-3938.json | 34 ++--
 2017/6xxx/CVE-2017-6174.json | 34 ++--
 2017/6xxx/CVE-2017-6679.json | 150 +++++++++---------
 2017/6xxx/CVE-2017-6737.json | 140 ++++++++---------
 2017/7xxx/CVE-2017-7298.json | 140 ++++++++---------
 2017/7xxx/CVE-2017-7444.json | 130 ++++++++--------
 2017/7xxx/CVE-2017-7793.json | 276 ++++++++++++++++-----------------
 2017/7xxx/CVE-2017-7970.json | 162 +++++++++----------
 2017/8xxx/CVE-2017-8314.json | 150 +++++++++---------
 2017/8xxx/CVE-2017-8948.json | 132 ++++++++--------
 2018/10xxx/CVE-2018-10166.json | 130 ++++++++--------
 2018/10xxx/CVE-2018-10650.json | 120 +++++++-------
 2018/10xxx/CVE-2018-10969.json | 130 ++++++++--------
 2018/10xxx/CVE-2018-10971.json | 120 +++++++-------
 2018/13xxx/CVE-2018-13373.json | 34 ++--
 2018/17xxx/CVE-2018-17046.json | 120 +++++++-------
 2018/17xxx/CVE-2018-17542.json | 214 ++++++++++++-------------
 2018/17xxx/CVE-2018-17657.json | 130 ++++++++--------
 2018/20xxx/CVE-2018-20222.json | 34 ++--
 2018/20xxx/CVE-2018-20260.json | 34 ++--
 2018/20xxx/CVE-2018-20422.json | 120 +++++++-------
 2018/9xxx/CVE-2018-9008.json | 34 ++--
 2018/9xxx/CVE-2018-9626.json | 34 ++--
 2018/9xxx/CVE-2018-9670.json | 34 ++--
 2018/9xxx/CVE-2018-9681.json | 34 ++--
 2018/9xxx/CVE-2018-9724.json | 34 ++--
 55 files changed, 3703 insertions(+), 3703 deletions(-)
diff --git a/2002/1xxx/CVE-2002-1063.json b/2002/1xxx/CVE-2002-1063.json
index 8ba3209cbeb..6fdb42c8733 100644
--- a/2002/1xxx/CVE-2002-1063.json
+++ b/2002/1xxx/CVE-2002-1063.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html" - }, - { - "name" : "jana-ftp-pasv-dos(9687)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9687.php" - }, - { - "name" : "5325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allows remote attackers to cause a denial of service (resource 
exhaustion) via a large number of FTP PASV requests, which consumes all available FTP ports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html" + }, + { + "name": "5325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5325" + }, + { + "name": "jana-ftp-pasv-dos(9687)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9687.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1398.json b/2002/1xxx/CVE-2002-1398.json index 5037327664a..8800f0a96af 100644 --- a/2002/1xxx/CVE-2002-1398.json +++ b/2002/1xxx/CVE-2002-1398.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability \"in handling long datetime input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102978152712430&w=2" - }, - { - "name" : "20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102996089613404&w=2" - }, - { - "name" : "20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103021186622725&w=2" - }, - { - "name" : "http://marc.info/?l=postgresql-announce&m=103062536330644", - "refsource" : "CONFIRM", - "url" : 
"http://marc.info/?l=postgresql-announce&m=103062536330644" - }, - { - "name" : "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php", - "refsource" : "CONFIRM", - "url" : "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php" - }, - { - "name" : "DSA-165", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-165" - }, - { - "name" : "RHSA-2003:001", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-001.html" - }, - { - "name" : "SuSE-SA:2002:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_038_postgresql.html" - }, - { - "name" : "20020826 GLSA: PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103036987114437&w=2" - }, - { - "name" : "8034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows attackers to cause a denial of service and possibly execute arbitrary code via a long date string, aka a vulnerability \"in handling long datetime input.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://marc.info/?l=postgresql-announce&m=103062536330644", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=postgresql-announce&m=103062536330644" + }, + { + "name": "8034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8034" + }, + { + "name": "RHSA-2003:001", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-001.html" + }, + { + "name": "DSA-165", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-165" + }, + { + "name": 
"20020821 Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102996089613404&w=2" + }, + { + "name": "20020819 Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102978152712430&w=2" + }, + { + "name": "SuSE-SA:2002:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_038_postgresql.html" + }, + { + "name": "20020826 GLSA: PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103036987114437&w=2" + }, + { + "name": "20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103021186622725&w=2" + }, + { + "name": "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php", + "refsource": "CONFIRM", + "url": "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1439.json b/2002/1xxx/CVE-2002-1439.json index 49c8cf39b6a..6349be68a91 100644 --- a/2002/1xxx/CVE-2002-1439.json +++ b/2002/1xxx/CVE-2002-1439.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0208-211", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0050.html" - }, - { - "name" : "hp-vvos-tga-corruption(9846)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9846.php" - }, - { - "name" : "5459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5459" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0208-211", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2002-q3/0050.html" + }, + { + "name": "hp-vvos-tga-corruption(9846)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9846.php" + }, + { + "name": "5459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5459" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1543.json b/2002/1xxx/CVE-2002-1543.json index 34a3947e15a..c5521ad1077 100644 --- a/2002/1xxx/CVE-2002-1543.json +++ b/2002/1xxx/CVE-2002-1543.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2002-025", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc" - }, - { - "name" : "trek-keyboard-input-bo(10458)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10458.php" - }, - { - "name" : "6036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6036" - }, - { - "name" : "7570", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "NetBSD-SA2002-025", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc" + }, + { + "name": "6036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6036" + }, + { + "name": "trek-keyboard-input-bo(10458)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10458.php" + }, + { + "name": "7570", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7570" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0150.json b/2003/0xxx/CVE-2003-0150.json index 5b1f407d99c..7246afc19be 100644 --- a/2003/0xxx/CVE-2003-0150.json +++ b/2003/0xxx/CVE-2003-0150.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the \"SELECT * INFO OUTFILE\" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030308 MySQL_user_can_be_changed_to_root?", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104715840202315&w=2" - }, - { - "name" : "20030310 Re: MySQL user can be changed to root", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104739810523433&w=2" - }, - { - "name" : "CLA-2003:743", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743" - }, - { - "name" : "DSA-303", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-303" - }, - { - "name" : "ESA-20030324-012", - "refsource" : "ENGARDE", - "url" : 
"http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html" - }, - { - "name" : "RHSA-2003:093", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-093.html" - }, - { - "name" : "RHSA-2003:094", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2003-094.html" - }, - { - "name" : "MDKSA-2003:057", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:057" - }, - { - "name" : "20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104800948128630&w=2" - }, - { - "name" : "20030318 GLSA: mysql (200303-14)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104802285012750&w=2" - }, - { - "name" : "VU#203897", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/203897" - }, - { - "name" : "7052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7052" - }, - { - "name" : "mysql-datadir-root-privileges(11510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11510" - }, - { - "name" : "oval:org.mitre.oval:def:442", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the \"SELECT * INFO OUTFILE\" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104800948128630&w=2" + }, + { + "name": "oval:org.mitre.oval:def:442", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442" + }, + { + "name": "CLA-2003:743", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743" + }, + { + "name": "20030318 GLSA: mysql (200303-14)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104802285012750&w=2" + }, + { + "name": "DSA-303", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-303" + }, + { + "name": "mysql-datadir-root-privileges(11510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11510" + }, + { + "name": "RHSA-2003:094", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2003-094.html" + }, + { + "name": "MDKSA-2003:057", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:057" + }, + { + "name": "VU#203897", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/203897" + }, + { + "name": "20030310 Re: MySQL user can be changed to root", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104739810523433&w=2" + }, + { + "name": "ESA-20030324-012", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html" + }, + { + "name": "RHSA-2003:093", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-093.html" + }, + { + "name": "7052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7052" + }, + { + "name": "20030308 
MySQL_user_can_be_changed_to_root?", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104715840202315&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0160.json b/2003/0xxx/CVE-2003-0160.json index 6533db78a62..e55c2a89b11 100644 --- a/2003/0xxx/CVE-2003-0160.json +++ b/2003/0xxx/CVE-2003-0160.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988" - }, - { - "name" : "RHSA-2003:112", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-112.html" - }, - { - "name" : "oval:org.mitre.oval:def:614", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in 
SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988" + }, + { + "name": "RHSA-2003:112", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-112.html" + }, + { + "name": "oval:org.mitre.oval:def:614", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0349.json b/2003/0xxx/CVE-2003-0349.json index b8837a032bb..17e22fabcfb 100644 --- a/2003/0xxx/CVE-2003-0349.json +++ b/2003/0xxx/CVE-2003-0349.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030626 Windows Media Services Remote Command Execution #2", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563" - }, - { - "name" : "20030626 Windows Media Services Remote Command Execution #2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105665030925504&w=2" - }, - { - "name" : "MS03-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022" - }, - { - "name" : "VU#113716", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/113716" - }, - { - "name" : 
"oval:org.mitre.oval:def:938", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938" - }, - { - "name" : "1007059", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007059" - }, - { - "name" : "9115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030626 Windows Media Services Remote Command Execution #2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105665030925504&w=2" + }, + { + "name": "9115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9115" + }, + { + "name": "VU#113716", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/113716" + }, + { + "name": "oval:org.mitre.oval:def:938", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938" + }, + { + "name": "MS03-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022" + }, + { + "name": "20030626 Windows Media Services Remote Command Execution #2", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563" + }, + { + "name": "1007059", + "refsource": "SECTRACK", + "url": 
"http://securitytracker.com/id?1007059" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0915.json b/2003/0xxx/CVE-2003-0915.json index 5c40d7746ac..69f6ce24005 100644 --- a/2003/0xxx/CVE-2003-0915.json +++ b/2003/0xxx/CVE-2003-0915.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0915", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0915", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1236.json b/2003/1xxx/CVE-2003-1236.json index f590b3ea459..6056dfded47 100644 --- a/2003/1xxx/CVE-2003-1236.json +++ b/2003/1xxx/CVE-2003-1236.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030108 Tanne Remote format string exploit (Proof of Concept)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305663" - }, - { - "name" : "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html" - }, - { - "name" : "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305460" - }, - { - "name" : "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2", - "refsource" : "CONFIRM", - "url" : "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2" - }, - { - "name" : 
"6553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6553" - }, - { - "name" : "1005900", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005900" - }, - { - "name" : "7831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7831" - }, - { - "name" : "tanne-logger-format-string(11006)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11006.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6553" + }, + { + "name": "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2", + "refsource": "CONFIRM", + "url": "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2" + }, + { + "name": "tanne-logger-format-string(11006)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11006.php" + }, + { + "name": "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html" + }, + { + "name": "20030108 Tanne Remote format string exploit (Proof of Concept)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305663" + }, + { + "name": "1005900", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005900" + }, + { + "name": "7831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7831" + }, + { + "name": "20030107 [INetCop 
Security Advisory] Remote format string vulnerability in Tanne.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305460" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1466.json b/2003/1xxx/CVE-2003-1466.json index 5f13d162547..00b2666a315 100644 --- a/2003/1xxx/CVE-2003-1466.json +++ b/2003/1xxx/CVE-2003-1466.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030513 Phorum Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/321310" - }, - { - "name" : "7581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7581" - }, - { - "name" : "7583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7583" - }, - { - "name" : "3288", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or 
(2) login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7583" + }, + { + "name": "7581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7581" + }, + { + "name": "3288", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3288" + }, + { + "name": "20030513 Phorum Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/321310" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2204.json b/2004/2xxx/CVE-2004-2204.json index 320323b372b..40a9b5e68dc 100644 --- a/2004/2xxx/CVE-2004-2204.json +++ b/2004/2xxx/CVE-2004-2204.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040930 CFMX vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/377213" - }, - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html" - }, - { - "name" : "11364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11364" - }, - { - "name" : "10718", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10718" - }, - { - "name" : "12693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12693" - }, - { - "name" : 
"coldfusion-gain-access(17567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040930 CFMX vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/377213" + }, + { + "name": "coldfusion-gain-access(17567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17567" + }, + { + "name": "12693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12693" + }, + { + "name": "10718", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10718" + }, + { + "name": "11364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11364" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-10.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2373.json b/2004/2xxx/CVE-2004-2373.json index dd4f1b21b89..e8be1b07570 100644 --- a/2004/2xxx/CVE-2004-2373.json +++ b/2004/2xxx/CVE-2004-2373.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040219 Aol Instant Messenger/Microsoft Internet Explorer remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/354448" - }, - { - "name" : "9698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9698" - }, - { - "name" : "aim-buddy-predictable-location(15310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable 
location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040219 Aol Instant Messenger/Microsoft Internet Explorer remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/354448" + }, + { + "name": "9698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9698" + }, + { + "name": "aim-buddy-predictable-location(15310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15310" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2374.json b/2004/2xxx/CVE-2004-2374.json index bf10c7165d5..3bf1c39e996 100644 --- a/2004/2xxx/CVE-2004-2374.json +++ b/2004/2xxx/CVE-2004-2374.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040224 BadBlue 2.4 Local Path Disclosure By phptest.php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/355109" - }, - { - "name" : "9737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9737" - }, - { - "name" : "badblue-phptestphp-path-disclosure(15311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source 
of the resulting HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040224 BadBlue 2.4 Local Path Disclosure By phptest.php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/355109" + }, + { + "name": "badblue-phptestphp-path-disclosure(15311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15311" + }, + { + "name": "9737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9737" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0030.json b/2012/0xxx/CVE-2012-0030.json index 5a41c58ce39..c26cd915d9e 100644 --- a/2012/0xxx/CVE-2012-0030.json +++ b/2012/0xxx/CVE-2012-0030.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)", - "refsource" : "MLIST", - "url" : "https://lists.launchpad.net/openstack/msg06648.html" - }, - { - "name" : "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0" - }, - { - "name" : "USN-1326-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1326-1" - }, - { - "name" : "51370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51370" - }, - { - "name" : "47543", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/47543" - }, - { - "name" : "nova-security-bypass(72296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nova-security-bypass(72296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296" + }, + { + "name": "47543", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47543" + }, + { + "name": "USN-1326-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1326-1" + }, + { + "name": "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0" + }, + { + "name": "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/openstack/msg06648.html" + }, + { + "name": "51370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51370" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0445.json b/2012/0xxx/CVE-2012-0445.json index 51e33c0ad6b..d0365f6d21b 100644 --- a/2012/0xxx/CVE-2012-0445.json +++ b/2012/0xxx/CVE-2012-0445.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-03.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701071", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=701071" - }, - { - "name" : "MDVSA-2012:013", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" - }, - { - "name" : "openSUSE-SU-2012:0234", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" - }, - { - "name" : "51765", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51765" - }, - { - "name" : "78735", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78735" - }, - { - "name" : "oval:org.mitre.oval:def:14907", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - }, - { - "name" : "mozilla-iframeelement-security-bypass(72835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=701071", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=701071" + }, + { + "name": "mozilla-iframeelement-security-bypass(72835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72835" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "78735", + "refsource": "OSVDB", + "url": "http://osvdb.org/78735" + }, + { + "name": "MDVSA-2012:013", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" + }, + { + "name": "oval:org.mitre.oval:def:14907", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907" + }, + { + "name": "51765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51765" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-03.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-03.html" + }, + { + "name": "openSUSE-SU-2012:0234", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0537.json b/2012/0xxx/CVE-2012-0537.json index 26bb9850f1b..b64fb730043 100644 --- a/2012/0xxx/CVE-2012-0537.json +++ b/2012/0xxx/CVE-2012-0537.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53066" - }, - { - "name" : "1026936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026936" - }, - { - "name" : "48871", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53066" + }, + { + "name": "48871", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48871" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026936" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0593.json b/2012/0xxx/CVE-2012-0593.json index 516e79c6f22..0e4b84ed6b9 100644 --- a/2012/0xxx/CVE-2012-0593.json +++ b/2012/0xxx/CVE-2012-0593.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79915", - "refsource" : 
"OSVDB", - "url" : "http://osvdb.org/79915" - }, - { - "name" : "oval:org.mitre.oval:def:17427", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17427" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120593-code-execution(73812)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "apple-webkit-cve20120593-code-execution(73812)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73812" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "79915", + "refsource": "OSVDB", + "url": "http://osvdb.org/79915" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "oval:org.mitre.oval:def:17427", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17427" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1410.json b/2012/1xxx/CVE-2012-1410.json index 9741003fe40..ae8a62fe7da 100644 --- a/2012/1xxx/CVE-2012-1410.json +++ b/2012/1xxx/CVE-2012-1410.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/27/3" - }, - { - "name" : "[oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/27/26" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=749036", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=749036" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=797777", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=797777" - }, - { - "name" : "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6" - }, - { - "name" : "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0" - }, - { - "name" : "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84" - }, - { - "name" : "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52", + "refsource": "CONFIRM", + "url": "https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52" + }, + { + "name": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6", + "refsource": "CONFIRM", + "url": "https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6" + }, + { + "name": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0", + "refsource": "CONFIRM", + "url": "https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0" + }, + { + "name": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84", + "refsource": "CONFIRM", + "url": "https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=749036", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=749036" + }, + { + "name": "[oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/27/26" + }, + { + "name": "[oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/27/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=797777", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=797777" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/1xxx/CVE-2012-1479.json b/2012/1xxx/CVE-2012-1479.json index 10a5b174df7..0e102277be2 100644 --- a/2012/1xxx/CVE-2012-1479.json +++ b/2012/1xxx/CVE-2012-1479.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the AContact (com.movester.quickcontact) application 1.8.2 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1479-vulnerability-in-AContact.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1479-vulnerability-in-AContact.html" - }, - { - "name" : "acontact-android-unspecified(74025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the AContact (com.movester.quickcontact) application 1.8.2 for Android has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1479-vulnerability-in-AContact.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1479-vulnerability-in-AContact.html" + }, + { + "name": "acontact-android-unspecified(74025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74025" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1986.json b/2012/1xxx/CVE-2012-1986.json index ec17e99c796..abf49d61846 100644 --- a/2012/1xxx/CVE-2012-1986.json +++ b/2012/1xxx/CVE-2012-1986.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.puppetlabs.com/issues/13511", - "refsource" : "MISC", - "url" : "http://projects.puppetlabs.com/issues/13511" - }, - { - "name" : "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", - "refsource" : "CONFIRM", - "url" : "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" - }, - { - "name" : "http://puppetlabs.com/security/cve/cve-2012-1986/", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2012-1986/" - }, - { - "name" : "DSA-2451", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2451" - }, - { - "name" : "FEDORA-2012-5999", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" - }, - { - "name" : "FEDORA-2012-6055", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" - }, - { - "name" : "FEDORA-2012-6674", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" - }, - { - "name" : "openSUSE-SU-2012:0608", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/14523305" - }, - { - "name" : "openSUSE-SU-2012:0835", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15087408" - }, - { - "name" : "USN-1419-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1419-1" - }, - { - "name" : "52975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52975" - }, - { - "name" : "48743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48743" - }, - { - "name" : "48748", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48748" - }, - { - "name" : "48789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48789" - }, - { - "name" : "49136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49136" - }, - { - "name" : "puppet-rest-symlink(74794)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack 
in conjunction with a crafted REST request for a file in a filebucket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1419-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1419-1" + }, + { + "name": "FEDORA-2012-5999", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html" + }, + { + "name": "http://puppetlabs.com/security/cve/cve-2012-1986/", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2012-1986/" + }, + { + "name": "openSUSE-SU-2012:0608", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/14523305" + }, + { + "name": "puppet-rest-symlink(74794)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74794" + }, + { + "name": "48743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48743" + }, + { + "name": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15", + "refsource": "CONFIRM", + "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15" + }, + { + "name": "FEDORA-2012-6055", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html" + }, + { + "name": "FEDORA-2012-6674", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html" + }, + { + "name": "http://projects.puppetlabs.com/issues/13511", + "refsource": "MISC", + "url": "http://projects.puppetlabs.com/issues/13511" + }, + { + "name": "49136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49136" + }, + { + "name": "52975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52975" + }, + { + "name": "48748", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48748" + }, + { + "name": 
"DSA-2451", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2451" + }, + { + "name": "openSUSE-SU-2012:0835", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15087408" + }, + { + "name": "48789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48789" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4393.json b/2012/4xxx/CVE-2012-4393.json index 9ab93ae7100..3531838d497 100644 --- a/2012/4xxx/CVE-2012-4393.json +++ b/2012/4xxx/CVE-2012-4393.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) 
disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/11/1" - }, - { - "name" : "[oss-security] 20120901 Re: CVE - ownCloud", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2" - }, - { - "name" : "http://owncloud.org/changelog/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/changelog/" - }, - { - "name" : "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f" - }, - { - "name" : "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests 
that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f" + }, + { + "name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/11/1" + }, + { + "name": "[oss-security] 20120901 Re: CVE - ownCloud", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/2" + }, + { + "name": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745" + }, + { + "name": "http://owncloud.org/changelog/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4874.json b/2012/4xxx/CVE-2012-4874.json index 670700d94c1..878010d46d2 100644 --- a/2012/4xxx/CVE-2012-4874.json +++ b/2012/4xxx/CVE-2012-4874.json 
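Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com"`, and nothing in the commit message ("-Synchronized-Data.") mentions it. Every other line in the hunk appears to be a formatting-only rewrite (`"key" : value` to `"key": value`, re-indentation, reordered `reference_data` entries), so this one semantic change is easy to miss. The same kind of change appears in the CVE-2012-5533 hunk (also to `secalert@redhat.com`) and the CVE-2012-5954 hunk (to `psirt@us.ibm.com`). Anything downstream that filters or attributes records by `CVE_data_meta.ASSIGNER` will return different results after this sync. Land the reformatting and the assigner reattribution as separate commits, or at least name the affected IDs in the message, so the provenance change can be audited.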
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to \"image uploads.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/extend/plugins/another-wordpress-classifieds-plugin/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/another-wordpress-classifieds-plugin/changelog/" - }, - { - "name" : "52861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52861" - }, - { - "name" : "80881", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80881" - }, - { - "name" : "47335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for 
WordPress has unknown impact and attack vectors related to \"image uploads.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47335" + }, + { + "name": "52861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52861" + }, + { + "name": "http://wordpress.org/extend/plugins/another-wordpress-classifieds-plugin/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/another-wordpress-classifieds-plugin/changelog/" + }, + { + "name": "80881", + "refsource": "OSVDB", + "url": "http://osvdb.org/80881" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5301.json b/2012/5xxx/CVE-2012-5301.json index 62654c7b4b4..3513f6e91ea 100644 --- a/2012/5xxx/CVE-2012-5301.json +++ b/2012/5xxx/CVE-2012-5301.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a brute-force attack on the encrypted data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cerberusftp.com/products/releasenotes.html", - "refsource" : "CONFIRM", - "url" : "http://www.cerberusftp.com/products/releasenotes.html" - }, - { - "name" : "cerberus-ftp-info-disclosure(79503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by 
sniffing the network and performing a brute-force attack on the encrypted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cerberusftp.com/products/releasenotes.html", + "refsource": "CONFIRM", + "url": "http://www.cerberusftp.com/products/releasenotes.html" + }, + { + "name": "cerberus-ftp-info-disclosure(79503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79503" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5533.json b/2012/5xxx/CVE-2012-5533.json index cef67dda579..ce8ef2aff32 100644 --- a/2012/5xxx/CVE-2012-5533.json +++ b/2012/5xxx/CVE-2012-5533.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the \"Connection: TE,,Keep-Alive\" header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22902", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/22902" - }, - { - "name" : "[oss-security] 20121121 lighttpd 1.4.32 released, fixing CVE-2012-5533", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/21/1" - }, - { - "name" : "http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch", - "refsource" : "MISC", - "url" : "http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch" - }, - { - "name" : "http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html", - "refsource" 
: "MISC", - "url" : "http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html" - }, - { - "name" : "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt", - "refsource" : "CONFIRM", - "url" : "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt" - }, - { - "name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0345", - "refsource" : "CONFIRM", - "url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0345" - }, - { - "name" : "HPSBGN03191", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141576815022399&w=2" - }, - { - "name" : "MDVSA-2013:100", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:100" - }, - { - "name" : "openSUSE-SU-2012:1532", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00044.html" - }, - { - "name" : "openSUSE-SU-2014:0074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00051.html" - }, - { - "name" : "56619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56619" - }, - { - "name" : "87623", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87623" - }, - { - "name" : "1027802", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027802" - }, - { - "name" : "51268", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51268" - }, - { - "name" : "51298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51298" - }, - { - "name" : "lighttpd-httprequestsplitvalue-dos(80213)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers 
to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the \"Connection: TE,,Keep-Alive\" header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121121 lighttpd 1.4.32 released, fixing CVE-2012-5533", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/21/1" + }, + { + "name": "openSUSE-SU-2012:1532", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00044.html" + }, + { + "name": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt", + "refsource": "CONFIRM", + "url": "http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2012_01.txt" + }, + { + "name": "22902", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/22902" + }, + { + "name": "1027802", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027802" + }, + { + "name": "http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch", + "refsource": "MISC", + "url": "http://download.lighttpd.net/lighttpd/security/lighttpd-1.4.31_fix_connection_header_dos.patch" + }, + { + "name": "http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/118282/Simple-Lighttpd-1.4.31-Denial-Of-Service.html" + }, + { + "name": "51268", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51268" + }, + { + "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0345", + "refsource": "CONFIRM", + "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0345" + }, + { + "name": "87623", + "refsource": "OSVDB", + "url": "http://osvdb.org/87623" + }, + { + "name": "HPSBGN03191", + "refsource": "HP", + 
"url": "http://marc.info/?l=bugtraq&m=141576815022399&w=2" + }, + { + "name": "MDVSA-2013:100", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:100" + }, + { + "name": "lighttpd-httprequestsplitvalue-dos(80213)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80213" + }, + { + "name": "51298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51298" + }, + { + "name": "openSUSE-SU-2014:0074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00051.html" + }, + { + "name": "56619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56619" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5645.json b/2012/5xxx/CVE-2012-5645.json index 811d7a4cdee..bedefa0ef05 100644 --- a/2012/5xxx/CVE-2012-5645.json +++ b/2012/5xxx/CVE-2012-5645.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5645", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5645", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2012/5xxx/CVE-2012-5954.json b/2012/5xxx/CVE-2012-5954.json index 278eaef1421..ee14f298f5d 100644 --- a/2012/5xxx/CVE-2012-5954.json +++ b/2012/5xxx/CVE-2012-5954.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615292", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615292" - }, - { - "name" : "IC86724", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86724" - }, - { - "name" : "1027901", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027901" - }, - { - "name" : "tsm-dsmrootd-unauth-access(80668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027901", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027901" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615292", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615292" + }, + { + "name": "IC86724", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC86724" + }, + { + "name": "tsm-dsmrootd-unauth-access(80668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80668" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3442.json b/2017/3xxx/CVE-2017-3442.json index a9e19219961..0b324af064b 100644 --- a/2017/3xxx/CVE-2017-3442.json +++ b/2017/3xxx/CVE-2017-3442.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Customer Interaction History", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Customer Interaction History", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95573" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3637.json b/2017/3xxx/CVE-2017-3637.json index 928a34ec72d..32d3ef3afa0 100644 --- a/2017/3xxx/CVE-2017-3637.json +++ b/2017/3xxx/CVE-2017-3637.json 
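Review bot: The `problemtype` description in the new CVE-2017-3442 record still carries a CVSS vector, `"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"`, rather than a weakness class. Consumers that read this field to group entries by flaw type get severity metrics instead. Since the sync rewrites the whole file anyway, the field could hold a weakness description or `"n/a"`, with the vector moved next to the base score in the description text.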
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "99748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99748" - }, - { - "name" : "1038928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038928" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + }, + { + "name": "99748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99748" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3832.json b/2017/3xxx/CVE-2017-3832.json index 89e92ee9d31..973b86ebdd1 100644 --- a/2017/3xxx/CVE-2017-3832.json +++ b/2017/3xxx/CVE-2017-3832.json 
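Review bot: `"version_affected": "="` contradicts `"version_value": "5.7.18 and earlier"` in the new CVE-2017-3637 record: the operator says exact match while the value is a range phrase. A scanner that honours the operator would compare against the literal string and miss every MySQL Server release below 5.7.18. I would write `"version_affected": "<="` with `"version_value": "5.7.18"`.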
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3832", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wireless LAN Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wireless LAN Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wireless LAN Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Wireless LAN Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3" - }, - { - "name" : "97421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97421" - }, - { - "name" : "1038184", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a missing internal handler for the specific request. An attacker could exploit this vulnerability by accessing a specific hidden URL on the GUI web management interface. A successful exploit could allow the attacker to cause a reload of the device, resulting in a DoS condition. This vulnerability affects only the Cisco Wireless LAN Controller 8.3.102.0 release. Cisco Bug IDs: CSCvb48198." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3" + }, + { + "name": "97421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97421" + }, + { + "name": "1038184", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038184" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3938.json b/2017/3xxx/CVE-2017-3938.json index 981f7719f13..7f22f88fec1 100644 --- a/2017/3xxx/CVE-2017-3938.json +++ b/2017/3xxx/CVE-2017-3938.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3938", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3938", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6174.json b/2017/6xxx/CVE-2017-6174.json index e4deda5bffe..8f47b334da1 100644 --- a/2017/6xxx/CVE-2017-6174.json +++ b/2017/6xxx/CVE-2017-6174.json 
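Review bot: In the new CVE-2017-3832 record `version_value` repeats the product name (`"version_value": "Cisco Wireless LAN Controller"`) and `vendor_name` is `"n/a"`, although the description limits the issue to the 8.3.102.0 release. Tooling that matches on the structured `affects` block cannot tell which release is affected and has to parse the free text. Proposed: `"vendor_name": "Cisco"` and `"version_value": "8.3.102.0"`. The CVE-2017-6679 and CVE-2017-6737 records in this commit show the same pattern, with the version ranges given only in the description.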
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6174", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6174", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6679.json b/2017/6xxx/CVE-2017-6679.json index b15f46f2b77..24eab9a377b 100644 --- a/2017/6xxx/CVE-2017-6679.json +++ b/2017/6xxx/CVE-2017-6679.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Umbrella Virtual Appliance Version 2.0.3 and prior", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Umbrella Virtual Appliance Version 2.0.3 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "undocumented encrypted remote support tunnel" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Umbrella Virtual Appliance Version 2.0.3 and prior", + "version": { + "version_data": [ + { + "version_value": "Cisco Umbrella Virtual Appliance Version 2.0.3 and prior" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.umbrella.com/hc/en-us/articles/115004154423", - "refsource" : "MISC", - "url" : "https://support.umbrella.com/hc/en-us/articles/115004154423" - }, - { - "name" : "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15", - "refsource" : "MISC", - "url" : "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15" - }, - { - "name" : "https://www.info-sec.ca/advisories/Cisco-Umbrella.html", - "refsource" : "MISC", - "url" : "https://www.info-sec.ca/advisories/Cisco-Umbrella.html" - }, - { - "name" : "101567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained an undocumented encrypted remote support tunnel (SSH) which auto initiated from the customer's appliance to Cisco's SSH Hubs in the Umbrella datacenters. 
These tunnels were primarily leveraged for remote support and allowed for authorized/authenticated personnel from the Cisco Umbrella team to access the appliance remotely and obtain full control without explicit customer approval. To address this vulnerability, the Umbrella Virtual Appliance version 2.1.0 now requires explicit customer approval before an SSH tunnel from the VA to the Cisco terminating server can be established." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "undocumented encrypted remote support tunnel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html", + "refsource": "MISC", + "url": "https://www.info-sec.ca/advisories/Cisco-Umbrella.html" + }, + { + "name": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15", + "refsource": "MISC", + "url": "https://support.umbrella.com/hc/en-us/articles/115004752143-Virtual-Appliance-Vulnerability-due-to-always-on-SSH-Tunnel-RESOLVED-2017-09-15" + }, + { + "name": "101567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101567" + }, + { + "name": "https://support.umbrella.com/hc/en-us/articles/115004154423", + "refsource": "MISC", + "url": "https://support.umbrella.com/hc/en-us/articles/115004154423" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6737.json b/2017/6xxx/CVE-2017-6737.json index 050fb26f344..c469163e552 100644 --- a/2017/6xxx/CVE-2017-6737.json +++ b/2017/6xxx/CVE-2017-6737.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp" - }, - { - "name" : "99345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99345" - }, - { - "name" : "1038808", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. 
To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60402." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99345" + }, + { + "name": "1038808", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038808" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7298.json b/2017/7xxx/CVE-2017-7298.json index 22981f553b3..1af49baf065 100644 --- a/2017/7xxx/CVE-2017-7298.json +++ b/2017/7xxx/CVE-2017-7298.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Moodle 3.2.2+, there is XSS in the Course summary filter of the \"Add a new course\" page, as demonstrated by a crafted attribute of an SVG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.daimacn.com/post/12.html", - "refsource" : "MISC", - "url" : "http://www.daimacn.com/post/12.html" - }, - { - "name" : "http://www.daimacn.com/index.php/post/12.html", - "refsource" : "MISC", - "url" : "http://www.daimacn.com/index.php/post/12.html" - }, - { - "name" : "97182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Moodle 3.2.2+, there is XSS in the Course summary filter of the \"Add a new course\" page, as demonstrated by a crafted attribute of an SVG element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.daimacn.com/index.php/post/12.html", + "refsource": "MISC", + "url": "http://www.daimacn.com/index.php/post/12.html" + }, + { + "name": "97182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97182" + }, + { + "name": "http://www.daimacn.com/post/12.html", + "refsource": "MISC", + "url": "http://www.daimacn.com/post/12.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7444.json b/2017/7xxx/CVE-2017-7444.json index a94aef1e649..5b37d6f202e 100644 --- a/2017/7xxx/CVE-2017-7444.json +++ b/2017/7xxx/CVE-2017-7444.json 
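Review bot: `affects` in the new CVE-2017-7298 record is all placeholders (`"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"`) while the description names Moodle 3.2.2+. Anyone filtering the feed by vendor or product will not find this entry, so exposure checks fall back to free-text search. Proposed: `"product_name": "Moodle"` with `"version_value": "3.2.2+"`. The CVE-2012-5954 (IBM Tivoli Storage Manager for Space Management) and CVE-2017-7444 (Veritas System Recovery) records in this commit have the same gap.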
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS17-001.html#Issue1", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS17-001.html#Issue1" - }, - { - "name" : "97483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97483" + }, + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS17-001.html#Issue1", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS17-001.html#Issue1" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7793.json b/2017/7xxx/CVE-2017-7793.json index 095ab3a00c8..06a34648b53 100644 --- a/2017/7xxx/CVE-2017-7793.json +++ b/2017/7xxx/CVE-2017-7793.json 
@@ -1,140 +1,140 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "56" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.4" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.4" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free with Fetch API" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "56" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.4" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.4" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1371889", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1371889" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-22/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-22/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-23/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-23/" - }, - { - "name" : "DSA-3987", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3987" - }, - { - "name" : "DSA-4014", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2017/dsa-4014" - }, - { - "name" : "GLSA-201803-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201803-14" - }, - { - "name" : "RHSA-2017:2831", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2831" - }, - { - "name" : "RHSA-2017:2885", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2885" - }, - { - "name" : "101055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101055" - }, - { - "name" : "1039465", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free with Fetch API" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1371889", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1371889" + }, + { + "name": "[debian-lts-announce] 20171101 [SECURITY] [DLA 1153-1] icedove/thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-22/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-22/" + }, + { + "name": "1039465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039465" + }, + { + "name": "RHSA-2017:2831", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2831" + }, + { + "name": "RHSA-2017:2885", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2885" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" + }, + { + "name": "101055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101055" + }, + { + "name": "DSA-4014", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4014" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-23/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-23/" + }, + { + "name": "DSA-3987", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3987" + }, + { + "name": "GLSA-201803-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201803-14" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/7xxx/CVE-2017-7970.json b/2017/7xxx/CVE-2017-7970.json index 14db7825b3b..0fc449bb19a 100644 --- a/2017/7xxx/CVE-2017-7970.json +++ b/2017/7xxx/CVE-2017-7970.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2017-06-22T00:00:00", - "ID" : "CVE-2017-7970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PowerSCADA Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2" - } - ] - } - }, - { - "product_name" : "Citect Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2017-06-22T00:00:00", + "ID": "CVE-2017-7970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PowerSCADA Anywhere", + "version": { + "version_data": [ + { + "version_value": "Version 1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2" + } + ] + } + }, + { + "product_name": "Citect Anywhere", + "version": { + "version_data": [ + { + "version_value": "version 1.0" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/", - "refsource" : "CONFIRM", - "url" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/" - }, - { - "name" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere", - "refsource" : "CONFIRM", - "url" : "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere" - }, - { - "name" : "99913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99913" + }, + { + "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere", + "refsource": "CONFIRM", + "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9071-security-notification-citect-anywhere" + }, + { + "name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/", + "refsource": "CONFIRM", + "url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-173-01/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8314.json b/2017/8xxx/CVE-2017-8314.json index e8e657e0006..858758e7056 100644 --- a/2017/8xxx/CVE-2017-8314.json +++ b/2017/8xxx/CVE-2017-8314.json 
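Review bot: The `ASSIGNER` value for CVE-2017-7970 changes from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com`, and the commit subject does not mention it; it is the one data change in a hunk that otherwise only rewrites `" : "` as `": "` and reorders `reference_data`. Tooling that attributes records to a CNA by this field will see a different value, so the sync should either carry the address over unchanged, `"ASSIGNER": "cybersecurity@se.com",`, or state in the commit description why it was replaced; which address is current cannot be told from the diff. Folding a value change into a bulk formatting pass makes it easy to miss in review, so content changes would be better in a commit of their own. The new side also ends with `\ No newline at end of file`, here and in the other hunks on this page; keeping the trailing newline avoids a spurious last-line change in later diffs.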
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "ID" : "CVE-2017-8314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kodi (XBMC)", - "version" : { - "version_data" : [ - { - "version_value" : "<= v17.1" - } - ] - } - } - ] - }, - "vendor_name" : "XBMC Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Allows arbitrary file write on disk" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "ID": "CVE-2017-8314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kodi (XBMC)", + "version": { + "version_data": [ + { + "version_value": "<= v17.1" + } + ] + } + } + ] + }, + "vendor_name": "XBMC Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180116 [SECURITY] [DLA 1243-1] xbmc security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00019.html" - }, - { - "name" : "https://github.com/xbmc/xbmc/pull/12024", - "refsource" : "CONFIRM", - "url" : "https://github.com/xbmc/xbmc/pull/12024" - }, - { - "name" : "GLSA-201706-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-17" - }, - { - "name" : "98668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Allows arbitrary file write on disk" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201706-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-17" + }, + { + "name": "https://github.com/xbmc/xbmc/pull/12024", + "refsource": "CONFIRM", + "url": "https://github.com/xbmc/xbmc/pull/12024" + }, + { + "name": "98668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98668" + }, + { + "name": "[debian-lts-announce] 20180116 [SECURITY] [DLA 1243-1] xbmc security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00019.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8948.json b/2017/8xxx/CVE-2017-8948.json index e32a445b572..c808107eeda 100644 --- a/2017/8xxx/CVE-2017-8948.json +++ b/2017/8xxx/CVE-2017-8948.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2017-8948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Node Manager i (NNMi) Software", - "version" : { - "version_data" : [ - { - "version_value" : "v10.0x, v10.1x, v10.2x" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Bypass Security Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Bypass Security Restrictions" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2017-8948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Node Manager i (NNMi) Software", + "version": { + "version_data": [ + { + "version_value": "v10.0x, v10.1x, v10.2x" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03762en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03762en_us" - }, - { - "name" : "99342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Bypass Security 
Restriction vulnerability in HPE Network Node Manager i (NNMi) Software versions v10.0x, v10.1x, v10.2x was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Bypass Security Restrictions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99342" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03762en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03762en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10166.json b/2018/10xxx/CVE-2018-10166.json index 02d5ebdbbdb..3bca3cddac1 100644 --- a/2018/10xxx/CVE-2018-10166.json +++ b/2018/10xxx/CVE-2018-10166.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities" - }, - { - "name" : "104094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface in the TP-Link EAP Controller and Omada Controller versions 
2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104094" + }, + { + "name": "https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/tp-link-eap-controller-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10650.json b/2018/10xxx/CVE-2018-10650.json index d33859c0fbd..6bcae52345f 100644 --- a/2018/10xxx/CVE-2018-10650.json +++ b/2018/10xxx/CVE-2018-10650.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX234879", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX234879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX234879", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX234879" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10969.json b/2018/10xxx/CVE-2018-10969.json index 1a28644f86a..6c044d44e21 100644 --- a/2018/10xxx/CVE-2018-10969.json +++ b/2018/10xxx/CVE-2018-10969.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44867", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44867/" - }, - { - "name" : "https://wordpress.org/plugins/pie-register/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/pie-register/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/pie-register/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/pie-register/#developers" + }, + { + "name": "44867", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44867/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10971.json b/2018/10xxx/CVE-2018-10971.json index eededd9b9cc..879ac0596c8 100644 --- a/2018/10xxx/CVE-2018-10971.json +++ b/2018/10xxx/CVE-2018-10971.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FLIF-hub/FLIF/issues/501", - "refsource" : "MISC", - "url" : "https://github.com/FLIF-hub/FLIF/issues/501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The Plane function in image/image.hpp allows remote attackers to cause a denial of service (attempted excessive memory allocation) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/FLIF-hub/FLIF/issues/501", + "refsource": "MISC", + "url": "https://github.com/FLIF-hub/FLIF/issues/501" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13373.json b/2018/13xxx/CVE-2018-13373.json index 627b0e21764..9a4e810d4ea 100644 --- a/2018/13xxx/CVE-2018-13373.json +++ b/2018/13xxx/CVE-2018-13373.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13373", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13373", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17046.json b/2018/17xxx/CVE-2018-17046.json index 537945afd3c..c157f60e796 100644 --- a/2018/17xxx/CVE-2018-17046.json +++ b/2018/17xxx/CVE-2018-17046.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/magic-FE/translate-man/issues/49", - "refsource" : "MISC", - "url" : "https://github.com/magic-FE/translate-man/issues/49" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/magic-FE/translate-man/issues/49", + "refsource": "MISC", + "url": "https://github.com/magic-FE/translate-man/issues/49" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/17xxx/CVE-2018-17542.json b/2018/17xxx/CVE-2018-17542.json
index b772a5978db..15a42d2dd4d 100644
--- a/2018/17xxx/CVE-2018-17542.json
+++ b/2018/17xxx/CVE-2018-17542.json
@@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "AKA" : "", - "ASSIGNER" : "cve@cert.org.tw", - "DATE_PUBLIC" : "2018-11-23T16:00:00.000Z", - "ID" : "CVE-2018-17542", - "STATE" : "PUBLIC", - "TITLE" : "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MailSherlock", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "", - "version_name" : "", - "version_value" : "1.5.235" - } - ] - } - } - ] - }, - "vendor_name" : "OAKlouds " - } - ] - } - }, - "configuration" : [], - "credit" : [ - { - "lang" : "eng", - "value" : "Researcher from a Technology enterprise" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request." 
- } - ] - }, - "exploit" : [], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 4.3, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "AKA": "", + "ASSIGNER": "cve@cert.org.tw", + "DATE_PUBLIC": "2018-11-23T16:00:00.000Z", + "ID": "CVE-2018-17542", + "STATE": "PUBLIC", + "TITLE": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MailSherlock", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "", + "version_name": "", + "version_value": "1.5.235" + } + ] + } + } + ] + }, + "vendor_name": "OAKlouds " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73", - "refsource" : "CONFIRM", - "url" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73" - }, - { - "name" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28", - "refsource" : "CONFIRM", - "url" : "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Update the software to the latest version." 
- } - ], - "source" : { - "advisory" : "", - "defect" : [], - "discovery" : "UNKNOWN" - }, - "work_around" : [] -} + } + }, + "configuration": [], + "credit": [ + { + "lang": "eng", + "value": "Researcher from a Technology enterprise" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter in an letgo.cgi request." + } + ] + }, + "exploit": [], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73", + "refsource": "CONFIRM", + "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?id=73" + }, + { + "name": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28", + "refsource": "CONFIRM", + "url": "https://twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=28" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update the software to the latest version." + } + ], + "source": { + "advisory": "", + "defect": [], + "discovery": "UNKNOWN" + }, + "work_around": [] +} \ No newline at end of file 
diff --git a/2018/17xxx/CVE-2018-17657.json b/2018/17xxx/CVE-2018-17657.json
index 506981e4cf5..6501ab63098 100644
--- a/2018/17xxx/CVE-2018-17657.json
+++ b/2018/17xxx/CVE-2018-17657.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoURL method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6507." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1203/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1203/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoURL method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6507." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1203/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1203/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20222.json b/2018/20xxx/CVE-2018-20222.json index bbad3354a92..249421b5605 100644 --- a/2018/20xxx/CVE-2018-20222.json +++ b/2018/20xxx/CVE-2018-20222.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20222", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20222", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20260.json b/2018/20xxx/CVE-2018-20260.json index 4adad91e16b..1108b850e28 100644 --- a/2018/20xxx/CVE-2018-20260.json 
+++ b/2018/20xxx/CVE-2018-20260.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20260", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20260", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20422.json b/2018/20xxx/CVE-2018-20422.json index 6899023b0cb..a84889b7dc0 100644 --- a/2018/20xxx/CVE-2018-20422.json +++ b/2018/20xxx/CVE-2018-20422.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI", - "refsource" : "MISC", - "url" : "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Discuz! 
DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI", + "refsource": "MISC", + "url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9008.json b/2018/9xxx/CVE-2018-9008.json index 9fbdaa3c109..382460b32e8 100644 --- a/2018/9xxx/CVE-2018-9008.json +++ b/2018/9xxx/CVE-2018-9008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/9xxx/CVE-2018-9626.json b/2018/9xxx/CVE-2018-9626.json index 623a78b7dcb..341d4944899 100644 --- a/2018/9xxx/CVE-2018-9626.json +++ b/2018/9xxx/CVE-2018-9626.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9626", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9626", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9670.json b/2018/9xxx/CVE-2018-9670.json index de6900daf5c..fa169c286ea 100644 --- a/2018/9xxx/CVE-2018-9670.json +++ b/2018/9xxx/CVE-2018-9670.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9670", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9670", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9681.json b/2018/9xxx/CVE-2018-9681.json index 680c17e415a..e23767bbe53 100644 --- a/2018/9xxx/CVE-2018-9681.json +++ b/2018/9xxx/CVE-2018-9681.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9681", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9681", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9724.json b/2018/9xxx/CVE-2018-9724.json index 2ba080e09e6..4fd0770aa90 100644 --- a/2018/9xxx/CVE-2018-9724.json +++ b/2018/9xxx/CVE-2018-9724.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9724", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9724", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file