From 2d993f26f7a00d4b297ebd6b1187af89755ff439 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:47:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0329.json | 170 +++++++++---------- 2002/0xxx/CVE-2002-0475.json | 140 ++++++++-------- 2002/0xxx/CVE-2002-0656.json | 230 ++++++++++++------------- 2002/0xxx/CVE-2002-0679.json | 220 ++++++++++++------------ 2002/1xxx/CVE-2002-1104.json | 140 ++++++++-------- 2002/1xxx/CVE-2002-1175.json | 190 ++++++++++----------- 2002/1xxx/CVE-2002-1268.json | 140 ++++++++-------- 2002/1xxx/CVE-2002-1534.json | 140 ++++++++-------- 2002/1xxx/CVE-2002-1619.json | 140 ++++++++-------- 2002/1xxx/CVE-2002-1656.json | 160 +++++++++--------- 2002/2xxx/CVE-2002-2241.json | 140 ++++++++-------- 2003/0xxx/CVE-2003-0610.json | 120 ++++++------- 2012/0xxx/CVE-2012-0287.json | 150 ++++++++--------- 2012/0xxx/CVE-2012-0397.json | 120 ++++++------- 2012/0xxx/CVE-2012-0567.json | 160 +++++++++--------- 2012/0xxx/CVE-2012-0627.json | 200 +++++++++++----------- 2012/0xxx/CVE-2012-0653.json | 34 ++-- 2012/0xxx/CVE-2012-0886.json | 34 ++-- 2012/1xxx/CVE-2012-1864.json | 140 ++++++++-------- 2012/1xxx/CVE-2012-1982.json | 130 +++++++-------- 2012/3xxx/CVE-2012-3341.json | 34 ++-- 2012/3xxx/CVE-2012-3346.json | 34 ++-- 2012/3xxx/CVE-2012-3367.json | 190 ++++++++++----------- 2012/3xxx/CVE-2012-3451.json | 260 ++++++++++++++--------------- 2012/3xxx/CVE-2012-3600.json | 170 +++++++++---------- 2012/3xxx/CVE-2012-3932.json | 34 ++-- 2012/4xxx/CVE-2012-4267.json | 170 +++++++++---------- 2012/4xxx/CVE-2012-4920.json | 150 ++++++++--------- 2012/4xxx/CVE-2012-4997.json | 140 ++++++++-------- 2012/6xxx/CVE-2012-6199.json | 34 ++-- 2017/2xxx/CVE-2017-2191.json | 150 ++++++++--------- 2017/2xxx/CVE-2017-2325.json | 130 +++++++-------- 2017/2xxx/CVE-2017-2354.json | 190 ++++++++++----------- 2017/2xxx/CVE-2017-2725.json | 132 +++++++-------- 2017/2xxx/CVE-2017-2843.json | 130 +++++++-------- 2017/2xxx/CVE-2017-2862.json | 142 ++++++++-------- 2017/6xxx/CVE-2017-6088.json | 150 ++++++++--------- 2017/6xxx/CVE-2017-6185.json | 34 ++-- 2017/6xxx/CVE-2017-6727.json | 140 ++++++++-------- 2017/7xxx/CVE-2017-7308.json | 230 ++++++++++++------------- 2017/7xxx/CVE-2017-7463.json | 170 +++++++++---------- 2017/7xxx/CVE-2017-7612.json | 150 ++++++++--------- 2017/7xxx/CVE-2017-7828.json | 296 ++++++++++++++++----------------- 2018/10xxx/CVE-2018-10108.json | 120 ++++++------- 2018/10xxx/CVE-2018-10113.json | 120 ++++++------- 2018/14xxx/CVE-2018-14136.json | 34 ++-- 2018/14xxx/CVE-2018-14290.json | 130 +++++++-------- 2018/14xxx/CVE-2018-14954.json | 140 ++++++++-------- 2018/15xxx/CVE-2018-15270.json | 34 ++-- 2018/15xxx/CVE-2018-15311.json | 140 ++++++++-------- 2018/15xxx/CVE-2018-15609.json | 34 ++-- 2018/20xxx/CVE-2018-20000.json | 130 +++++++-------- 2018/20xxx/CVE-2018-20357.json | 120 ++++++------- 2018/20xxx/CVE-2018-20499.json | 34 ++-- 2018/9xxx/CVE-2018-9166.json | 34 ++-- 2018/9xxx/CVE-2018-9565.json | 130 +++++++-------- 2018/9xxx/CVE-2018-9673.json | 34 ++-- 2018/9xxx/CVE-2018-9807.json | 34 ++-- 58 files changed, 3713 insertions(+), 3713 deletions(-) diff --git a/2002/0xxx/CVE-2002-0329.json b/2002/0xxx/CVE-2002-0329.json index b0bb5a92f11..b3317a00c51 100644 --- a/2002/0xxx/CVE-2002-0329.json +++ b/2002/0xxx/CVE-2002-0329.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020227 RE: Open Bulletin Board javascript bug.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101485184605149&w=2" - }, - { - "name" : "20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/258981" - }, - { - "name" : "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660", - "refsource" : "CONFIRM", - "url" : "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660" - }, - { - "name" : "VU#132011", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/132011" - }, - { - "name" : "4192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4192" - }, - { - "name" : "snitz-img-css(8309)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8309.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660", + "refsource": "CONFIRM", + "url": "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660" + }, + { + "name": "20020227 RE: Open Bulletin Board javascript bug.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101485184605149&w=2" + }, + { + "name": "VU#132011", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/132011" + }, + { + "name": "4192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4192" + }, + { + "name": "20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/258981" + }, + { + "name": "snitz-img-css(8309)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8309.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0475.json b/2002/0xxx/CVE-2002-0475.json index 95de67ef964..83851cf4d98 100644 --- a/2002/0xxx/CVE-2002-0475.json +++ b/2002/0xxx/CVE-2002-0475.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/unixfocus/6W00Q202UM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/6W00Q202UM.html" - }, - { - "name" : "phpbb-cross-site-scripting(7459)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7459.php" - }, - { - "name" : "4379", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/unixfocus/6W00Q202UM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/6W00Q202UM.html" + }, + { + "name": "phpbb-cross-site-scripting(7459)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7459.php" + }, + { + "name": "4379", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4379" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0656.json b/2002/0xxx/CVE-2002-0656.json index b9380c5f1d3..5276eb89659 100644 --- a/2002/0xxx/CVE-2002-0656.json +++ b/2002/0xxx/CVE-2002-0656.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CA-2002-23", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-23.html" - }, - { - "name" : "VU#102795", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/102795" - }, - { - "name" : "VU#258555", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/258555" - }, - { - "name" : "CSSA-2002-033.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" - }, - { - "name" : "CSSA-2002-033.1", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" - }, - { - "name" : "FreeBSD-SA-02:33", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" - }, - { - "name" : "MDKSA-2002:046", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" - }, - { - "name" : "CLA-2002:513", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513" - }, - { - "name" : "openssl-ssl2-masterkey-bo(9714)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9714.php" - }, - { - "name" : "5362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5362" - }, - { - "name" : "5363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5363" - }, - { - "name" : "openssl-ssl3-sessionid-bo(9716)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9716.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5363" + }, + { + "name": "5362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5362" + }, + { + "name": "VU#102795", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/102795" + }, + { + "name": "MDKSA-2002:046", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" + }, + { + "name": "CSSA-2002-033.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" + }, + { + "name": "VU#258555", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/258555" + }, + { + "name": "openssl-ssl2-masterkey-bo(9714)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9714.php" + }, + { + "name": "CA-2002-23", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-23.html" + }, + { + "name": "CSSA-2002-033.1", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" + }, + { + "name": "CLA-2002:513", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513" + }, + { + "name": "FreeBSD-SA-02:33", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" + }, + { + "name": "openssl-ssl3-sessionid-bo(9716)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9716.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0679.json b/2002/0xxx/CVE-2002-0679.json index f5584f540bb..4dc624b5c53 100644 --- a/2002/0xxx/CVE-2002-0679.json +++ b/2002/0xxx/CVE-2002-0679.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102917002523536&w=2" - }, - { - "name" : "CA-2002-26", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-26.html" - }, - { - "name" : "VU#387387", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/387387" - }, - { - "name" : "IY32792", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only" - }, - { - "name" : "IY32793", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only" - }, - { - "name" : "HPSBUX0207-199", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199" - }, - { - "name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity" - }, - { - "name" : "tooltalk-ttdbserverd-ttcreatefile-bo(9822)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9822.php" - }, - { - "name" : "5444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5444" - }, - { - "name" : "oval:org.mitre.oval:def:177", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A177" - }, - { - "name" : "oval:org.mitre.oval:def:192", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:177", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A177" + }, + { + "name": "tooltalk-ttdbserverd-ttcreatefile-bo(9822)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9822.php" + }, + { + "name": "20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102917002523536&w=2" + }, + { + "name": "HPSBUX0207-199", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199" + }, + { + "name": "5444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5444" + }, + { + "name": "IY32792", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only" + }, + { + "name": "oval:org.mitre.oval:def:192", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A192" + }, + { + "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity" + }, + { + "name": "CA-2002-26", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-26.html" + }, + { + "name": "IY32793", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only" + }, + { + "name": "VU#387387", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/387387" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1104.json b/2002/1xxx/CVE-2002-1104.json index b4bdbc2e047..7ac17f70b92 100644 --- a/2002/1xxx/CVE-2002-1104.json +++ b/2002/1xxx/CVE-2002-1104.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml" - }, - { - "name" : "cisco-vpn-tcp-dos(10042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042" - }, - { - "name" : "5649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-vpn-tcp-dos(10042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042" + }, + { + "name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml" + }, + { + "name": "5649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5649" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1175.json b/2002/1xxx/CVE-2002-1175.json index 7aaf891ec3d..cbf672819e1 100644 --- a/2002/1xxx/CVE-2002-1175.json +++ b/2002/1xxx/CVE-2002-1175.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020929 Advisory 03/2002: Fetchmail remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103340148625187&w=2" - }, - { - "name" : "MDKSA-2002:063", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php" - }, - { - "name" : "DSA-171", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-171" - }, - { - "name" : "CLA-2002:531", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531" - }, - { - "name" : "RHSA-2002:215", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2002-215.html" - }, - { - "name" : "ESA-20021003-023", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/other_advisory-2402.html" - }, - { - "name" : "fetchmail-multidrop-bo(10203)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10203.php" - }, - { - "name" : "5826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2002:063", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php" + }, + { + "name": "20020929 Advisory 03/2002: Fetchmail remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103340148625187&w=2" + }, + { + "name": "RHSA-2002:215", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2002-215.html" + }, + { + "name": "fetchmail-multidrop-bo(10203)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10203.php" + }, + { + "name": "CLA-2002:531", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531" + }, + { + "name": "ESA-20021003-023", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/other_advisory-2402.html" + }, + { + "name": "5826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5826" + }, + { + "name": "DSA-171", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-171" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1268.json b/2002/1xxx/CVE-2002-1268.json index dcc4123d7f5..5a3591a1af8 100644 --- a/2002/1xxx/CVE-2002-1268.json +++ b/2002/1xxx/CVE-2002-1268.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka \"User Privilege Elevation via Mounting an ISO 9600 CD.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.info.apple.com/usen/security/security_updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.info.apple.com/usen/security/security_updates.html" - }, - { - "name" : "macos-iso9600-gain-privileges(10828)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10828" - }, - { - "name" : "7059", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka \"User Privilege Elevation via Mounting an ISO 9600 CD.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.info.apple.com/usen/security/security_updates.html", + "refsource": "CONFIRM", + "url": "http://www.info.apple.com/usen/security/security_updates.html" + }, + { + "name": "macos-iso9600-gain-privileges(10828)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10828" + }, + { + "name": "7059", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7059" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1534.json b/2002/1xxx/CVE-2002-1534.json index 340a1f58eae..96c64d411f7 100644 --- a/2002/1xxx/CVE-2002-1534.json +++ b/2002/1xxx/CVE-2002-1534.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021006 Flash player can read local files", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html" - }, - { - "name" : "flash-xml-read-files(10297)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10297.php" - }, - { - "name" : "5904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021006 Flash player can read local files", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html" + }, + { + "name": "5904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5904" + }, + { + "name": "flash-xml-read-files(10297)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10297.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1619.json b/2002/1xxx/CVE-2002-1619.json index fb3e9647968..c042ddd818a 100644 --- a/2002/1xxx/CVE-2002-1619.json +++ b/2002/1xxx/CVE-2002-1619.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY27310", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY27310&apar=only" - }, - { - "name" : "VU#152955", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/152955" - }, - { - "name" : "aix-fc-client-bo(10127)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aix-fc-client-bo(10127)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10127" + }, + { + "name": "VU#152955", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/152955" + }, + { + "name": "IY27310", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY27310&apar=only" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1656.json b/2002/1xxx/CVE-2002-1656.json index e8bd06e52ba..66eaeb7179e 100644 --- a/2002/1xxx/CVE-2002-1656.json +++ b/2002/1xxx/CVE-2002-1656.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ifrance.com/kitetoua/tuto/x_holes.txt", - "refsource" : "MISC", - "url" : "http://www.ifrance.com/kitetoua/tuto/x_holes.txt" - }, - { - "name" : "VU#162723", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/162723" - }, - { - "name" : "4283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4283" - }, - { - "name" : "1003828", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003828" - }, - { - "name" : "xnews-users-world-readable(8465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#162723", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/162723" + }, + { + "name": "1003828", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003828" + }, + { + "name": "xnews-users-world-readable(8465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8465" + }, + { + "name": "http://www.ifrance.com/kitetoua/tuto/x_holes.txt", + "refsource": "MISC", + "url": "http://www.ifrance.com/kitetoua/tuto/x_holes.txt" + }, + { + "name": "4283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4283" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2241.json b/2002/2xxx/CVE-2002-2241.json index a6955f30ad4..bdf43e06c46 100644 --- a/2002/2xxx/CVE-2002-2241.json +++ b/2002/2xxx/CVE-2002-2241.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021211 Denial of Service vulnerability in VisNetic Website", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html" - }, - { - "name" : "6364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6364" - }, - { - "name" : "visnetic-website-url-dos(10840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021211 Denial of Service vulnerability in VisNetic Website", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html" + }, + { + "name": "6364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6364" + }, + { + "name": "visnetic-website-url-dos(10840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10840" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0610.json b/2003/0xxx/CVE-2003-0610.json index 4e3331df674..0464e49d9ef 100644 --- a/2003/0xxx/CVE-2003-0610.json +++ b/2003/0xxx/CVE-2003-0610.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", - "refsource" : "CONFIRM", - "url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", + "refsource": "CONFIRM", + "url": "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0287.json b/2012/0xxx/CVE-2012-0287.json index bb9cdc6e7ed..313962f60df 100644 --- a/2012/0xxx/CVE-2012-0287.json +++ b/2012/0xxx/CVE-2012-0287.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the \"Duplicate comment detected\" feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html", - "refsource" : "MISC", - "url" : "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html" - }, - { - "name" : "https://wordpress.org/news/2012/01/wordpress-3-3-1/", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/news/2012/01/wordpress-3-3-1/" - }, - { - "name" : "51237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51237" - }, - { - "name" : "1026542", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the \"Duplicate comment detected\" feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026542", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026542" + }, + { + "name": "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html", + "refsource": "MISC", + "url": "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html" + }, + { + "name": "51237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51237" + }, + { + "name": "https://wordpress.org/news/2012/01/wordpress-3-3-1/", + "refsource": "CONFIRM", + "url": "https://wordpress.org/news/2012/01/wordpress-3-3-1/" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0397.json b/2012/0xxx/CVE-2012-0397.json index 1f7a698c2e4..3ed00c89867 100644 --- a/2012/0xxx/CVE-2012-0397.json +++ b/2012/0xxx/CVE-2012-0397.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-0397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120305 ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/521885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120305 ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/521885" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0567.json b/2012/0xxx/CVE-2012-0567.json index 60836503370..cb93987eed9 100644 --- a/2012/0xxx/CVE-2012-0567.json +++ b/2012/0xxx/CVE-2012-0567.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0545 and CVE-2012-0546." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53114", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53114" - }, - { - "name" : "1026953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026953" - }, - { - "name" : "48831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0545 and CVE-2012-0546." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53114", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53114" + }, + { + "name": "1026953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026953" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48831" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0627.json b/2012/0xxx/CVE-2012-0627.json index a1618145df5..aecd257c755 100644 --- a/2012/0xxx/CVE-2012-0627.json +++ b/2012/0xxx/CVE-2012-0627.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "oval:org.mitre.oval:def:17429", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17429" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:17429", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17429" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0653.json b/2012/0xxx/CVE-2012-0653.json index 6c684d0f468..b20524ee7d2 100644 --- a/2012/0xxx/CVE-2012-0653.json +++ b/2012/0xxx/CVE-2012-0653.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0653", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0653", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0886.json b/2012/0xxx/CVE-2012-0886.json index 76a1cd38f47..a4e1e61bfe6 100644 --- a/2012/0xxx/CVE-2012-0886.json +++ b/2012/0xxx/CVE-2012-0886.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0886", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0886", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1864.json b/2012/1xxx/CVE-2012-1864.json index aff03501e05..0e794c6f093 100644 --- a/2012/1xxx/CVE-2012-1864.json +++ b/2012/1xxx/CVE-2012-1864.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka \"String Atom Class Name Handling Vulnerability,\" a different vulnerability than CVE-2012-1865." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041" - }, - { - "name" : "TA12-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15496", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka \"String Atom Class Name Handling Vulnerability,\" a different vulnerability than CVE-2012-1865." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" + }, + { + "name": "oval:org.mitre.oval:def:15496", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15496" + }, + { + "name": "MS12-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1982.json b/2012/1xxx/CVE-2012-1982.json index f072e277c04..c2615bd228e 100644 --- a/2012/1xxx/CVE-2012-1982.json +++ b/2012/1xxx/CVE-2012-1982.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt", - "refsource" : "MISC", - "url" : "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt" - }, - { - "name" : "socialcms-admin1listpages-xss(74540)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "socialcms-admin1listpages-xss(74540)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74540" + }, + { + "name": "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt", + "refsource": "MISC", + "url": "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3341.json b/2012/3xxx/CVE-2012-3341.json index aad33ce84a7..16f1baa5b15 100644 --- a/2012/3xxx/CVE-2012-3341.json +++ b/2012/3xxx/CVE-2012-3341.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3346.json b/2012/3xxx/CVE-2012-3346.json index 737b121df93..83778546177 100644 --- a/2012/3xxx/CVE-2012-3346.json +++ b/2012/3xxx/CVE-2012-3346.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3346", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3346", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3367.json b/2012/3xxx/CVE-2012-3367.json index 4569442e1fa..663e71e3560 100644 --- a/2012/3xxx/CVE-2012-3367.json +++ b/2012/3xxx/CVE-2012-3367.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=836268", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=836268" - }, - { - "name" : "https://fedorahosted.org/pki/changeset/2430", - "refsource" : "CONFIRM", - "url" : "https://fedorahosted.org/pki/changeset/2430" - }, - { - "name" : "RHSA-2012:1103", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1103.html" - }, - { - "name" : "54608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54608" - }, - { - "name" : "84098", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84098" - }, - { - "name" : "1027284", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027284" - }, - { - "name" : "50013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50013" - }, - { - "name" : "rhcs-certificate-manager-sec-bypass(77102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=836268", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=836268" + }, + { + "name": "1027284", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027284" + }, + { + "name": "84098", + "refsource": "OSVDB", + "url": "http://osvdb.org/84098" + }, + { + "name": "50013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50013" + }, + { + "name": "https://fedorahosted.org/pki/changeset/2430", + "refsource": "CONFIRM", + "url": "https://fedorahosted.org/pki/changeset/2430" + }, + { + "name": "rhcs-certificate-manager-sec-bypass(77102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77102" + }, + { + "name": "54608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54608" + }, + { + "name": "RHSA-2012:1103", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1103.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3451.json b/2012/3xxx/CVE-2012-3451.json index 8e981e16dfa..072c7f897f2 100644 --- a/2012/3xxx/CVE-2012-3451.json +++ b/2012/3xxx/CVE-2012-3451.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851896", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851896" - }, - { - "name" : "http://cxf.apache.org/cve-2012-3451.html", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/cve-2012-3451.html" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1368559", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1368559" - }, - { - "name" : "RHSA-2012:1591", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1591.html" - }, - { - "name" : "RHSA-2012:1592", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1592.html" - }, - { - "name" : "RHSA-2012:1594", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1594.html" - }, - { - "name" : "RHSA-2013:0256", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0256.html" - }, - { - "name" : "RHSA-2013:0257", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0257.html" - }, - { - "name" : "RHSA-2013:0258", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0258.html" - }, - { - "name" : "RHSA-2013:0259", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0259.html" - }, - { - "name" : "RHSA-2013:0726", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0726.html" - }, - { - "name" : "RHSA-2013:0743", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0743.html" - }, - { - "name" : "51607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51607" - }, - { - "name" : "52183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52183" - }, - { - "name" : "apache-cfx-soapaction-security-bypass(78734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=851896", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" + }, + { + "name": "RHSA-2013:0256", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1368559", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1368559" + }, + { + "name": "RHSA-2012:1594", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html" + }, + { + "name": "RHSA-2013:0257", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" + }, + { + "name": "51607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51607" + }, + { + "name": "RHSA-2013:0258", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" + }, + { + "name": "apache-cfx-soapaction-security-bypass(78734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78734" + }, + { + "name": "RHSA-2012:1592", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html" + }, + { + "name": "52183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52183" + }, + { + "name": "RHSA-2013:0743", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" + }, + { + "name": "RHSA-2012:1591", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html" + }, + { + "name": "RHSA-2013:0259", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" + }, + { + "name": "http://cxf.apache.org/cve-2012-3451.html", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/cve-2012-3451.html" + }, + { + "name": "RHSA-2013:0726", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3600.json b/2012/3xxx/CVE-2012-3600.json index 87bd2075bcd..bb3011a5c6b 100644 --- a/2012/3xxx/CVE-2012-3600.json +++ b/2012/3xxx/CVE-2012-3600.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3932.json b/2012/3xxx/CVE-2012-3932.json index 5957906b95b..6d27d582dfc 100644 --- a/2012/3xxx/CVE-2012-3932.json +++ b/2012/3xxx/CVE-2012-3932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4267.json b/2012/4xxx/CVE-2012-4267.json index 0c7886bd292..1255adf2a3f 100644 --- a/2012/4xxx/CVE-2012-4267.json +++ b/2012/4xxx/CVE-2012-4267.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18868", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18868" - }, - { - "name" : "http://smwyg.com/blog/#sockso-persistant-xss-attack", - "refsource" : "MISC", - "url" : "http://smwyg.com/blog/#sockso-persistant-xss-attack" - }, - { - "name" : "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136", - "refsource" : "CONFIRM", - "url" : "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136" - }, - { - "name" : "https://github.com/rodnaph/sockso/issues/93", - "refsource" : "CONFIRM", - "url" : "https://github.com/rodnaph/sockso/issues/93" - }, - { - "name" : "https://github.com/rodnaph/sockso/pull/99/files", - "refsource" : "CONFIRM", - "url" : "https://github.com/rodnaph/sockso/pull/99/files" - }, - { - "name" : "49148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49148" + }, + { + "name": "18868", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18868" + }, + { + "name": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136", + "refsource": "CONFIRM", + "url": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136" + }, + { + "name": "https://github.com/rodnaph/sockso/pull/99/files", + "refsource": "CONFIRM", + "url": "https://github.com/rodnaph/sockso/pull/99/files" + }, + { + "name": "https://github.com/rodnaph/sockso/issues/93", + "refsource": "CONFIRM", + "url": "https://github.com/rodnaph/sockso/issues/93" + }, + { + "name": "http://smwyg.com/blog/#sockso-persistant-xss-attack", + "refsource": "MISC", + "url": "http://smwyg.com/blog/#sockso-persistant-xss-attack" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4920.json b/2012/4xxx/CVE-2012-4920.json index e31865ccba1..84241084d73 100644 --- a/2012/4xxx/CVE-2012-4920.json +++ b/2012/4xxx/CVE-2012-4920.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-4920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/plugins/zingiri-forum/changelog", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/plugins/zingiri-forum/changelog" - }, - { - "name" : "89069", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89069" - }, - { - "name" : "50833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50833" - }, - { - "name" : "wp-zingiriforum-url-directory-traversal(81156)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50833" + }, + { + "name": "http://wordpress.org/plugins/zingiri-forum/changelog", + "refsource": "CONFIRM", + "url": "http://wordpress.org/plugins/zingiri-forum/changelog" + }, + { + "name": "89069", + "refsource": "OSVDB", + "url": "http://osvdb.org/89069" + }, + { + "name": "wp-zingiriforum-url-directory-traversal(81156)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81156" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4997.json b/2012/4xxx/CVE-2012-4997.json index 0067b2066cb..de20b9746cb 100644 --- a/2012/4xxx/CVE-2012-4997.json +++ b/2012/4xxx/CVE-2012-4997.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18559", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18559" - }, - { - "name" : "52272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52272" - }, - { - "name" : "anecms-index-local-file-include(73682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52272" + }, + { + "name": "18559", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18559" + }, + { + "name": "anecms-index-local-file-include(73682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73682" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6199.json b/2012/6xxx/CVE-2012-6199.json index 43ecf0e5e64..b15d2d3adf7 100644 --- a/2012/6xxx/CVE-2012-6199.json +++ b/2012/6xxx/CVE-2012-6199.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6199", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6199", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2191.json b/2017/2xxx/CVE-2017-2191.json index 474fc2e77fa..42ac0fd852d 100644 --- a/2017/2xxx/CVE-2017-2191.json +++ b/2017/2xxx/CVE-2017-2191.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RW-5100 driver installer for Windows 7", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.0.0.9" - } - ] - } - }, - { - "product_name" : "RW-5100 driver installer for Windows 8.1", - "version" : { - "version_data" : [ - { - "version_value" : "version 1.0.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Sharp Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RW-5100 driver installer for Windows 7", + "version": { + "version_data": [ + { + "version_value": "version 1.0.0.9" + } + ] + } + }, + { + "product_name": "RW-5100 driver installer for Windows 8.1", + "version": { + "version_data": [ + { + "version_value": "version 1.0.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Sharp Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#51274854", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51274854/index.html" - }, - { - "name" : "99290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99290" + }, + { + "name": "JVN#51274854", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51274854/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2325.json b/2017/2xxx/CVE-2017-2325.json index 5485deeccb1..204a3f9ed16 100644 --- a/2017/2xxx/CVE-2017-2325.json +++ b/2017/2xxx/CVE-2017-2325.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2325", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NorthStar Controller Application", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 2.1.0 Service Pack 1" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow leading to a denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NorthStar Controller Application", + "version": { + "version_data": [ + { + "version_value": "prior to version 2.1.0 Service Pack 1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10783", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10783" - }, - { - "name" : "97602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow leading to a denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10783", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10783" + }, + { + "name": "97602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97602" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2354.json b/2017/2xxx/CVE-2017-2354.json index d2afec472e9..8caff144995 100644 --- a/2017/2xxx/CVE-2017-2354.json +++ b/2017/2xxx/CVE-2017-2354.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207481", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207481" - }, - { - "name" : "https://support.apple.com/HT207482", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207482" - }, - { - "name" : "https://support.apple.com/HT207484", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207484" - }, - { - "name" : "https://support.apple.com/HT207485", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207485" - }, - { - "name" : "https://support.apple.com/HT207486", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207486" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "95736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95736" - }, - { - "name" : "1037668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95736" + }, + { + "name": "https://support.apple.com/HT207486", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207486" + }, + { + "name": "https://support.apple.com/HT207485", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207485" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207481", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207481" + }, + { + "name": "https://support.apple.com/HT207484", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207484" + }, + { + "name": "https://support.apple.com/HT207482", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207482" + }, + { + "name": "1037668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037668" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2725.json b/2017/2xxx/CVE-2017-2725.json index b387a86ff50..92b744340ff 100644 --- a/2017/2xxx/CVE-2017-2725.json +++ b/2017/2xxx/CVE-2017-2725.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P10 Plus,P10", - "version" : { - "version_data" : [ - { - "version_value" : "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P10 Plus,P10", + "version": { + "version_data": [ + { + "version_value": "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en" - }, - { - "name" : "97696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97696" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2843.json b/2017/2xxx/CVE-2017-2843.json index 482a0709b5b..fa3f8e0330b 100644 --- a/2017/2xxx/CVE-2017-2843.json +++ b/2017/2xxx/CVE-2017-2843.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345" - }, - { - "name" : "99184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345" + }, + { + "name": "99184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99184" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2862.json b/2017/2xxx/CVE-2017-2862.json index 43caf4fbada..eccfdc8ad34 100644 --- a/2017/2xxx/CVE-2017-2862.json +++ b/2017/2xxx/CVE-2017-2862.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-08-30T00:00:00", - "ID" : "CVE-2017-2862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gdk-Pixbuf", - "version" : { - "version_data" : [ - { - "version_value" : "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "GNOME" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-08-30T00:00:00", + "ID": "CVE-2017-2862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Gdk-Pixbuf", + "version": { + "version_data": [ + { + "version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2" + } + ] + } + } + ] + }, + "vendor_name": "GNOME" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366" - }, - { - "name" : "DSA-3978", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3978" - }, - { - "name" : "100541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366" + }, + { + "name": "DSA-3978", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3978" + }, + { + "name": "100541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100541" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6088.json b/2017/6xxx/CVE-2017-6088.json index f572af8007c..5ce41806274 100644 --- a/2017/6xxx/CVE-2017-6088.json +++ b/2017/6xxx/CVE-2017-6088.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41747", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41747/" - }, - { - "name" : "[oss-security] 20170323 [CVE-2017-6088] EON 5.0 Multiple SQL Injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/23/4" - }, - { - "name" : "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/" - }, - { - "name" : "97084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41747", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41747/" + }, + { + "name": "[oss-security] 20170323 [CVE-2017-6088] EON 5.0 Multiple SQL Injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/23/4" + }, + { + "name": "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/" + }, + { + "name": "97084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97084" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6185.json b/2017/6xxx/CVE-2017-6185.json index bd004ad748e..7bfd5c8d7e8 100644 --- a/2017/6xxx/CVE-2017-6185.json +++ b/2017/6xxx/CVE-2017-6185.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6185", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6185", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6727.json b/2017/6xxx/CVE-2017-6727.json index 22d1b506cf0..5d1ec41ee12 100644 --- a/2017/6xxx/CVE-2017-6727.json +++ b/2017/6xxx/CVE-2017-6727.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Wide Area Application Services", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Wide Area Application Services" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Wide Area Application Services", + "version": { + "version_data": [ + { + "version_value": "Cisco Wide Area Application Services" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" - }, - { - "name" : "99483", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99483" - }, - { - "name" : "1038824", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038824", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038824" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" + }, + { + "name": "99483", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99483" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7308.json b/2017/7xxx/CVE-2017-7308.json index ca4c8224177..6bba1ddce33 100644 --- a/2017/7xxx/CVE-2017-7308.json +++ b/2017/7xxx/CVE-2017-7308.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7308", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7308", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41994", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41994/" - }, - { - "name" : "44654", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44654/" - }, - { - "name" : "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html", - "refsource" : "MISC", - "url" : "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html" - }, - { - "name" : "https://patchwork.ozlabs.org/patch/744811/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.ozlabs.org/patch/744811/" - }, - { - "name" : "https://patchwork.ozlabs.org/patch/744812/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.ozlabs.org/patch/744812/" - }, - { - "name" : "https://patchwork.ozlabs.org/patch/744813/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.ozlabs.org/patch/744813/" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "RHSA-2017:1297", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1297" - }, - { - "name" : "RHSA-2017:1298", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1298" - }, - { - "name" : "RHSA-2017:1308", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1308" - }, - { - "name" : "RHSA-2018:1854", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1854" - }, - { - "name" : "97234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1308", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1308" + }, + { + "name": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html", + "refsource": "MISC", + "url": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html" + }, + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "RHSA-2018:1854", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1854" + }, + { + "name": "97234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97234" + }, + { + "name": "https://patchwork.ozlabs.org/patch/744812/", + "refsource": "CONFIRM", + "url": "https://patchwork.ozlabs.org/patch/744812/" + }, + { + "name": "41994", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41994/" + }, + { + "name": "https://patchwork.ozlabs.org/patch/744813/", + "refsource": "CONFIRM", + "url": "https://patchwork.ozlabs.org/patch/744813/" + }, + { + "name": "44654", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44654/" + }, + { + "name": "https://patchwork.ozlabs.org/patch/744811/", + "refsource": "CONFIRM", + "url": "https://patchwork.ozlabs.org/patch/744811/" + }, + { + "name": "RHSA-2017:1298", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1298" + }, + { + "name": "RHSA-2017:1297", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1297" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7463.json b/2017/7xxx/CVE-2017-7463.json index d49d6ee6c1a..6043022599c 100644 --- a/2017/7xxx/CVE-2017-7463.json +++ b/2017/7xxx/CVE-2017-7463.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-7463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "business-central", - "version" : { - "version_data" : [ - { - "version_value" : "6.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "business-central", + "version": { + "version_data": [ + { + "version_value": "6.4.3" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463" - }, - { - "name" : "RHSA-2017:1217", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1217" - }, - { - "name" : "RHSA-2017:1218", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1218" - }, - { - "name" : "98385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1217", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1217" + }, + { + "name": "RHSA-2017:1218", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1218" + }, + { + "name": "98385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98385" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7612.json b/2017/7xxx/CVE-2017-7612.json index e04a2bae55c..104e353799c 100644 --- a/2017/7xxx/CVE-2017-7612.json +++ b/2017/7xxx/CVE-2017-7612.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c" - }, - { - "name" : "GLSA-201710-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-10" - }, - { - "name" : "USN-3670-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3670-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3670-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3670-1/" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c" + }, + { + "name": "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" + }, + { + "name": "GLSA-201710-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-10" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7828.json b/2017/7xxx/CVE-2017-7828.json index e1beca6b714..262d992d987 100644 --- a/2017/7xxx/CVE-2017-7828.json +++ b/2017/7xxx/CVE-2017-7828.json @@ -1,150 +1,150 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "57" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.5" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.5" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free of PressShell while restyling layout" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "57" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.5" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.5" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" - }, - { - "name" : "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-25/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-25/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-26/" - }, - { - "name" : "DSA-4035", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4035" - }, - { - "name" : "DSA-4061", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4061" - }, - { - "name" : "DSA-4075", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4075" - }, - { - "name" : "RHSA-2017:3247", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3247" - }, - { - "name" : "RHSA-2017:3372", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3372" - }, - { - "name" : "101832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101832" - }, - { - "name" : "1039803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free of PressShell while restyling layout" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750" + }, + { + "name": "DSA-4035", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4035" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-24/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-25/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-25/" + }, + { + "name": "101832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101832" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-26/" + }, + { + "name": "1039803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039803" + }, + { + "name": "DSA-4061", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4061" + }, + { + "name": "[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" + }, + { + "name": "RHSA-2017:3247", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3247" + }, + { + "name": "DSA-4075", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4075" + }, + { + "name": "RHSA-2017:3372", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3372" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10108.json b/2018/10xxx/CVE-2018-10108.json index e49b6d41580..696303f5b4a 100644 --- a/2018/10xxx/CVE-2018-10108.json +++ b/2018/10xxx/CVE-2018-10108.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", - "refsource" : "MISC", - "url" : "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", + "refsource": "MISC", + "url": "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10113.json b/2018/10xxx/CVE-2018-10113.json index 98e7977d181..2df69e39d98 100644 --- a/2018/10xxx/CVE-2018-10113.json +++ b/2018/10xxx/CVE-2018-10113.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/xiaoqx/pocs/tree/master/gegl", - "refsource" : "MISC", - "url" : "https://github.com/xiaoqx/pocs/tree/master/gegl" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/xiaoqx/pocs/tree/master/gegl", + "refsource": "MISC", + "url": "https://github.com/xiaoqx/pocs/tree/master/gegl" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14136.json b/2018/14xxx/CVE-2018-14136.json index 3e7485a7ee3..cff5d837e68 100644 --- a/2018/14xxx/CVE-2018-14136.json +++ b/2018/14xxx/CVE-2018-14136.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14136", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14136", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14290.json b/2018/14xxx/CVE-2018-14290.json index ecaa388812d..e15f72ab0a2 100644 --- a/2018/14xxx/CVE-2018-14290.json +++ b/2018/14xxx/CVE-2018-14290.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-122-Heap-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-750", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-750" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122-Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-750", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-750" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14954.json b/2018/14xxx/CVE-2018-14954.json index add5e8512aa..2502b899717 100644 --- a/2018/14xxx/CVE-2018-14954.json +++ b/2018/14xxx/CVE-2018-14954.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2018/07/26/2", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2018/07/26/2" - }, - { - "name" : "https://bugs.debian.org/905023", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/905023" - }, - { - "name" : "https://sourceforge.net/p/squirrelmail/bugs/2831/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/squirrelmail/bugs/2831/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/squirrelmail/bugs/2831/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/squirrelmail/bugs/2831/" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2018/07/26/2", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2018/07/26/2" + }, + { + "name": "https://bugs.debian.org/905023", + "refsource": "MISC", + "url": "https://bugs.debian.org/905023" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15270.json b/2018/15xxx/CVE-2018-15270.json index 31dbd94c399..6fb9f8741a4 100644 --- a/2018/15xxx/CVE-2018-15270.json +++ b/2018/15xxx/CVE-2018-15270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15311.json b/2018/15xxx/CVE-2018-15311.json index a8ae5109903..3d87e840d0a 100644 --- a/2018/15xxx/CVE-2018-15311.json +++ b/2018/15xxx/CVE-2018-15311.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2018-10-09T00:00:00", - "ID" : "CVE-2018-15311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0-13.1.0.5" - }, - { - "version_value" : "12.1.0-12.1.3.5" - }, - { - "version_value" : "11.6.0-11.6.3.2" - }, - { - "version_value" : "11.5.1-11.5.6" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2018-10-09T00:00:00", + "ID": "CVE-2018-15311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", + "version": { + "version_data": [ + { + "version_value": "13.0.0-13.1.0.5" + }, + { + "version_value": "12.1.0-12.1.3.5" + }, + { + "version_value": "11.6.0-11.6.3.2" + }, + { + "version_value": "11.5.1-11.5.6" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K07550539", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K07550539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K07550539", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K07550539" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15609.json b/2018/15xxx/CVE-2018-15609.json index 4ec1598637b..97d6ddf2db4 100644 --- a/2018/15xxx/CVE-2018-15609.json +++ b/2018/15xxx/CVE-2018-15609.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15609", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15609", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20000.json b/2018/20xxx/CVE-2018-20000.json index 832aba5322b..0b66b37bdf9 100644 --- a/2018/20xxx/CVE-2018-20000.json +++ b/2018/20xxx/CVE-2018-20000.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3", - "refsource" : "MISC", - "url" : "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3" - }, - { - "name" : "https://github.com/Bedework/bw-webdav/pull/1", - "refsource" : "MISC", - "url" : "https://github.com/Bedework/bw-webdav/pull/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Bedework/bw-webdav/pull/1", + "refsource": "MISC", + "url": "https://github.com/Bedework/bw-webdav/pull/1" + }, + { + "name": "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3", + "refsource": "MISC", + "url": "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20357.json b/2018/20xxx/CVE-2018-20357.json index 3ce458f88c0..5c4a2e8b34a 100644 --- a/2018/20xxx/CVE-2018-20357.json +++ b/2018/20xxx/CVE-2018-20357.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/knik0/faad2/issues/28", - "refsource" : "MISC", - "url" : "https://github.com/knik0/faad2/issues/28" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/knik0/faad2/issues/28", + "refsource": "MISC", + "url": "https://github.com/knik0/faad2/issues/28" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20499.json b/2018/20xxx/CVE-2018-20499.json index 59aec05a326..b540e84e23e 100644 --- a/2018/20xxx/CVE-2018-20499.json +++ b/2018/20xxx/CVE-2018-20499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20499", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20499", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9166.json b/2018/9xxx/CVE-2018-9166.json index 341c969480d..df41324c7a7 100644 --- a/2018/9xxx/CVE-2018-9166.json +++ b/2018/9xxx/CVE-2018-9166.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9565.json b/2018/9xxx/CVE-2018-9565.json index bb81f273735..9e92f2a252f 100644 --- a/2018/9xxx/CVE-2018-9565.json +++ b/2018/9xxx/CVE-2018-9565.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-16680558" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-16680558" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-12-01" - }, - { - "name" : "106065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106065" + }, + { + "name": "https://source.android.com/security/bulletin/2018-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9673.json b/2018/9xxx/CVE-2018-9673.json index 2be87c49dfb..77350969d3d 100644 --- a/2018/9xxx/CVE-2018-9673.json +++ b/2018/9xxx/CVE-2018-9673.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9807.json b/2018/9xxx/CVE-2018-9807.json index ce85f1481c3..600ed96480b 100644 --- a/2018/9xxx/CVE-2018-9807.json +++ b/2018/9xxx/CVE-2018-9807.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9807", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9807", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file