tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020702 XSS in Slashcode", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/280218" - }, - { - "name" : "20020702 Re: XSS in Slashcode", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/280255" - }, - { - "name" : "5140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5140" - }, - { - "name" : "slashcode-cvs-xss(9473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Slashcode CVS releases June 17 through July 1 2002 allows remote attackers to execute arbitrary script as other users by injecting script into the paragraph
tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020702 Re: XSS in Slashcode", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/280255" + }, + { + "name": "5140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5140" + }, + { + "name": "slashcode-cvs-xss(9473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9473" + }, + { + "name": "20020702 XSS in Slashcode", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/280218" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0248.json b/2003/0xxx/CVE-2003-0248.json index 363aa5d9b82..0ea8315ae20 100644 --- a/2003/0xxx/CVE-2003-0248.json +++ b/2003/0xxx/CVE-2003-0248.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:187", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html" - }, - { - "name" : "RHSA-2003:195", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html" - }, - { - "name" : "DSA-311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-311" - }, - { - "name" : "DSA-312", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-312" - }, - { - "name" : "DSA-332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-332" - }, - { - "name" : "DSA-336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-336" - }, - { - "name" : "DSA-442", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-442" - }, - { - "name" : "MDKSA-2003:066", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066" - }, - { - "name" : "MDKSA-2003:074", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074" - }, - { - "name" : "TLSA-2003-41", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt" - }, - { - "name" : "oval:org.mitre.oval:def:292", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:187", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-187.html" + }, + { + "name": "TLSA-2003-41", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/TLSA-2003-41.txt" + }, + { + "name": "RHSA-2003:195", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-195.html" + }, + { + "name": "MDKSA-2003:074", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074" + }, + { + "name": "DSA-336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-336" + }, + { + "name": "MDKSA-2003:066", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066" + }, + { + "name": "oval:org.mitre.oval:def:292", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A292" + }, + { + "name": "DSA-311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-311" + }, + { + "name": "DSA-332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-332" + }, + { + "name": "DSA-312", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-312" + }, + { + "name": "DSA-442", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-442" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0596.json b/2003/0xxx/CVE-2003-0596.json index 338889ce711..bf0cd9e5397 100644 --- a/2003/0xxx/CVE-2003-0596.json +++ b/2003/0xxx/CVE-2003-0596.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219" - }, - { - "name" : "DSA-352", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2003/dsa-352" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-352", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2003/dsa-352" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0808.json b/2003/0xxx/CVE-2003-0808.json index be2194acf5c..e75aadc31e7 100644 --- a/2003/0xxx/CVE-2003-0808.json +++ b/2003/0xxx/CVE-2003-0808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0808", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0808", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0857.json b/2003/0xxx/CVE-2003-0857.json index 239e6536b39..f563c28684e 100644 --- a/2003/0xxx/CVE-2003-0857.json +++ b/2003/0xxx/CVE-2003-0857.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=108574", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=108574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=108574", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=108574" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1218.json b/2003/1xxx/CVE-2003-1218.json index 34c31200af9..8dbee920b7a 100644 --- a/2003/1xxx/CVE-2003-1218.json +++ b/2003/1xxx/CVE-2003-1218.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1218", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-1218", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1223.json b/2003/1xxx/CVE-2003-1223.json index 5c3ec01a26c..e27dd3a8646 100644 --- a/2003/1xxx/CVE-2003-1223.json +++ b/2003/1xxx/CVE-2003-1223.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA03-42.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/48" - }, - { - "name" : "9034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9034" + }, + { + "name": "BEA03-42.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/48" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0180.json b/2004/0xxx/CVE-2004-0180.json index 5a774146c68..8a1c61f578b 100644 --- a/2004/0xxx/CVE-2004-0180.json +++ b/2004/0xxx/CVE-2004-0180.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-486", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-486" - }, - { - "name" : "FEDORA-2004-1620", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=108636445031613&w=2" - }, - { - "name" : "FreeBSD-SA-04:07", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc" - }, - { - "name" : "GLSA-200404-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200404-13.xml" - }, - { - "name" : "MDKSA-2004:028", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028" - }, - { - "name" : "RHSA-2004:153", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-153.html" - }, - { - "name" : "RHSA-2004:154", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-154.html" - }, - { - "name" : "20040404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" - }, - { - "name" : "SSA:2004-108-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181" - }, - { - "name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch" - }, - { - "name" : "oval:org.mitre.oval:def:1042", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042" - }, - { - "name" : "oval:org.mitre.oval:def:9462", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462" - }, - { - "name" : "11368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11368" - }, - { - "name" : "11371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11371" - }, - { - "name" : "11374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11374" - }, - { - "name" : "11375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11375" - }, - { - "name" : "11377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11377" - }, - { - "name" : "11380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11380" - }, - { - "name" : "11391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11391" - }, - { - "name" : "11400", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11400" - }, - { - "name" : "11405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11405" - }, - { - "name" : "11548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11548" - }, - { - "name" : "cvs-rcs-create-files(15864)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11548" + }, + { + "name": "oval:org.mitre.oval:def:1042", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1042" + }, + { + "name": "oval:org.mitre.oval:def:9462", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9462" + }, + { + "name": "11400", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11400" + }, + { + "name": "11375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11375" + }, + { + "name": "DSA-486", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-486" + }, + { + "name": "MDKSA-2004:028", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:028" + }, + { + "name": "11368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11368" + }, + { + "name": "11380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11380" + }, + { + "name": "cvs-rcs-create-files(15864)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15864" + }, + { + "name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch", + "refsource": "CONFIRM", + "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch" + }, + { + "name": "SSA:2004-108-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.400181" + }, + { + "name": "20040404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" + }, + { + "name": "FreeBSD-SA-04:07", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc" + }, + { + "name": "11374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11374" + }, + { + "name": "11377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11377" + }, + { + "name": "GLSA-200404-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200404-13.xml" + }, + { + "name": "11371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11371" + }, + { + "name": "RHSA-2004:153", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-153.html" + }, + { + "name": "FEDORA-2004-1620", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=108636445031613&w=2" + }, + { + "name": "11405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11405" + }, + { + "name": "RHSA-2004:154", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-154.html" + }, + { + "name": "11391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11391" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2024.json b/2004/2xxx/CVE-2004-2024.json index e2837366da0..0b8a22de426 100644 --- a/2004/2xxx/CVE-2004-2024.json +++ b/2004/2xxx/CVE-2004-2024.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zen-cart.com/modules/ipb/index.php?showtopic=4873", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/modules/ipb/index.php?showtopic=4873" - }, - { - "name" : "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zen-cart.com/modules/ipb/index.php?showtopic=4873", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/modules/ipb/index.php?showtopic=4873" + }, + { + "name": "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2218.json b/2004/2xxx/CVE-2004-2218.json index ab3e0200cb8..801cc0f3c6a 100644 --- a/2004/2xxx/CVE-2004-2218.json +++ b/2004/2xxx/CVE-2004-2218.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040814 Posible security bug in phpMyWebhosting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0207.html" - }, - { - "name" : "20040920 Re: Posible security bug in phpMyWebhosting", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-09/0247.html" - }, - { - "name" : "10942", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10942" - }, - { - "name" : "8976", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8976" - }, - { - "name" : "phpmywebhosting-pmwh-sql-injection(17005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmywebhosting-pmwh-sql-injection(17005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17005" + }, + { + "name": "10942", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10942" + }, + { + "name": "20040814 Posible security bug in phpMyWebhosting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0207.html" + }, + { + "name": "8976", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8976" + }, + { + "name": "20040920 Re: Posible security bug in phpMyWebhosting", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0247.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2768.json b/2004/2xxx/CVE-2004-2768.json index a0df919648a..fb63c9a0d6d 100644 --- a/2004/2xxx/CVE-2004-2768.json +++ b/2004/2xxx/CVE-2004-2768.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[isn] 20031215 The mysteriously persistently exploitable program explained.", - "refsource" : "MLIST", - "url" : "http://lists.jammed.com/ISN/2003/12/0056.html" - }, - { - "name" : "http://www.hackinglinuxexposed.com/articles/20031214.html", - "refsource" : "MISC", - "url" : "http://www.hackinglinuxexposed.com/articles/20031214.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692" - }, - { - "name" : "dpkg-setgid-privilege-escalation(59428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dpkg-setgid-privilege-escalation(59428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59428" + }, + { + "name": "http://www.hackinglinuxexposed.com/articles/20031214.html", + "refsource": "MISC", + "url": "http://www.hackinglinuxexposed.com/articles/20031214.html" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692" + }, + { + "name": "[isn] 20031215 The mysteriously persistently exploitable program explained.", + "refsource": "MLIST", + "url": "http://lists.jammed.com/ISN/2003/12/0056.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2492.json b/2008/2xxx/CVE-2008-2492.json index 24d955daffa..7887f374a7f 100644 --- a/2008/2xxx/CVE-2008-2492.json +++ b/2008/2xxx/CVE-2008-2492.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080526 Campus Bulletin Board v3.4 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492586/100/0/threaded" - }, - { - "name" : "29375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29375" - }, - { - "name" : "campusbulletinboard-multiple-sql-injection(42660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29375" + }, + { + "name": "campusbulletinboard-multiple-sql-injection(42660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42660" + }, + { + "name": "20080526 Campus Bulletin Board v3.4 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492586/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2562.json b/2008/2xxx/CVE-2008-2562.json index 2af5da3f6bf..8d31f29023c 100644 --- a/2008/2xxx/CVE-2008-2562.json +++ b/2008/2xxx/CVE-2008-2562.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5744", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5744" - }, - { - "name" : "29566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29566" - }, - { - "name" : "30423", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30423" - }, - { - "name" : "powerphlogger-edcss-sql-injection(42870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29566" + }, + { + "name": "30423", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30423" + }, + { + "name": "5744", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5744" + }, + { + "name": "powerphlogger-edcss-sql-injection(42870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42870" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0096.json b/2012/0xxx/CVE-2012-0096.json index 584629ba980..0f8f84e9ea0 100644 --- a/2012/0xxx/CVE-2012-0096.json +++ b/2012/0xxx/CVE-2012-0096.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "78422", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78422" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "sun-solarisunspec-dos(72498)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + }, + { + "name": "78422", + "refsource": "OSVDB", + "url": "http://osvdb.org/78422" + }, + { + "name": "sun-solarisunspec-dos(72498)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72498" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0420.json b/2012/0xxx/CVE-2012-0420.json index ac510287255..c77bf7978c4 100644 --- a/2012/0xxx/CVE-2012-0420.json +++ b/2012/0xxx/CVE-2012-0420.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=770630", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=770630" - }, - { - "name" : "https://support.novell.com/security/cve/CVE-2012-0420.html", - "refsource" : "CONFIRM", - "url" : "https://support.novell.com/security/cve/CVE-2012-0420.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=770630", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=770630" + }, + { + "name": "https://support.novell.com/security/cve/CVE-2012-0420.html", + "refsource": "CONFIRM", + "url": "https://support.novell.com/security/cve/CVE-2012-0420.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1053.json b/2012/1xxx/CVE-2012-1053.json index b8c7c66e127..aebb26d83a8 100644 --- a/2012/1xxx/CVE-2012-1053.json +++ b/2012/1xxx/CVE-2012-1053.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.puppetlabs.com/issues/12457", - "refsource" : "MISC", - "url" : "http://projects.puppetlabs.com/issues/12457" - }, - { - "name" : "http://projects.puppetlabs.com/issues/12458", - "refsource" : "MISC", - "url" : "http://projects.puppetlabs.com/issues/12458" - }, - { - "name" : "http://projects.puppetlabs.com/issues/12459", - "refsource" : "MISC", - "url" : "http://projects.puppetlabs.com/issues/12459" - }, - { - "name" : "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14", - "refsource" : "CONFIRM", - "url" : "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14" - }, - { - "name" : "http://puppetlabs.com/security/cve/cve-2012-1053/", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2012-1053/" - }, - { - "name" : "DSA-2419", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2419" - }, - { - "name" : "SUSE-SU-2012:0325", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0835", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15087408" - }, - { - "name" : "USN-1372-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1372-1" - }, - { - "name" : "52158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52158" - }, - { - "name" : "79495", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/79495" - }, - { - "name" : "48157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48157" - }, - { - "name" : "48161", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48161" - }, - { - "name" : "48166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48166" - }, - { - "name" : "48290", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48290" - }, - { - "name" : "puppet-forked-priv-escalation(73445)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48157" + }, + { + "name": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14", + "refsource": "CONFIRM", + "url": "http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14" + }, + { + "name": "48166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48166" + }, + { + "name": "http://projects.puppetlabs.com/issues/12458", + "refsource": "MISC", + "url": "http://projects.puppetlabs.com/issues/12458" + }, + { + "name": "http://puppetlabs.com/security/cve/cve-2012-1053/", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2012-1053/" + }, + { + "name": "http://projects.puppetlabs.com/issues/12459", + "refsource": "MISC", + "url": "http://projects.puppetlabs.com/issues/12459" + }, + { + "name": "USN-1372-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1372-1" + }, + { + "name": "48290", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48290" + }, + { + "name": "79495", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/79495" + }, + { + "name": "48161", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48161" + }, + { + "name": "http://projects.puppetlabs.com/issues/12457", + "refsource": "MISC", + "url": "http://projects.puppetlabs.com/issues/12457" + }, + { + "name": "SUSE-SU-2012:0325", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html" + }, + { + "name": "puppet-forked-priv-escalation(73445)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73445" + }, + { + "name": "52158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52158" + }, + { + "name": "DSA-2419", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2419" + }, + { + "name": "openSUSE-SU-2012:0835", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15087408" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1389.json b/2012/1xxx/CVE-2012-1389.json index b970d6d84a7..c93b88c9d7c 100644 --- a/2012/1xxx/CVE-2012-1389.json +++ b/2012/1xxx/CVE-2012-1389.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1389-vulnerability-in-DiLongWeibo.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1389-vulnerability-in-DiLongWeibo.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1389-vulnerability-in-DiLongWeibo.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1389-vulnerability-in-DiLongWeibo.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1903.json b/2012/1xxx/CVE-2012-1903.json index f898ac315ae..34af9f14606 100644 --- a/2012/1xxx/CVE-2012-1903.json +++ b/2012/1xxx/CVE-2012-1903.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1903", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1903", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5052.json b/2012/5xxx/CVE-2012-5052.json index c5b2d627902..d00a44d7c8a 100644 --- a/2012/5xxx/CVE-2012-5052.json +++ b/2012/5xxx/CVE-2012-5052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5066.json b/2012/5xxx/CVE-2012-5066.json index beeda1955b1..9577f8feb55 100644 --- a/2012/5xxx/CVE-2012-5066.json +++ b/2012/5xxx/CVE-2012-5066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Central Designer component in Oracle Industry Applications 1.3, 1.4, and 1.4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1027675", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Central Designer component in Oracle Industry Applications 1.3, 1.4, and 1.4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "1027675", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027675" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5148.json b/2012/5xxx/CVE-2012-5148.json index cb5995e3619..da35439f66f 100644 --- a/2012/5xxx/CVE-2012-5148.json +++ b/2012/5xxx/CVE-2012-5148.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=167122", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=167122" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:15746", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=167122", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=167122" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:15746", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15746" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5189.json b/2012/5xxx/CVE-2012-5189.json index c09c86bbfb8..3179f2c1c53 100644 --- a/2012/5xxx/CVE-2012-5189.json +++ b/2012/5xxx/CVE-2012-5189.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5189", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5189", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5745.json b/2012/5xxx/CVE-2012-5745.json index 6fd5c8a9fab..423791b0253 100644 --- a/2012/5xxx/CVE-2012-5745.json +++ b/2012/5xxx/CVE-2012-5745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3419.json b/2017/3xxx/CVE-2017-3419.json index 00d0be3ec7f..993da2b47eb 100644 --- a/2017/3xxx/CVE-2017-3419.json +++ b/2017/3xxx/CVE-2017-3419.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CRM Technical Foundation", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95564", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95564", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95564" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3994.json b/2017/3xxx/CVE-2017-3994.json index 575c8569348..7d96eee3028 100644 --- a/2017/3xxx/CVE-2017-3994.json +++ b/2017/3xxx/CVE-2017-3994.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3994", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3994", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6889.json b/2017/6xxx/CVE-2017-6889.json index 6775984d251..a3d46e70a68 100644 --- a/2017/6xxx/CVE-2017-6889.json +++ b/2017/6xxx/CVE-2017-6889.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", - "ID" : "CVE-2017-6889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "LibRaw-demosaic-pack-GPL2", - "version" : { - "version_data" : [ - { - "version_value" : "0.x prior to 0.18.2" - } - ] - } - } - ] - }, - "vendor_name" : "LibRaw" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow error within the \"foveon_load_camf()\" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2017-6889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibRaw-demosaic-pack-GPL2", + "version": { + "version_data": [ + { + "version_value": "0.x prior to 0.18.2" + } + ] + } + } + ] + }, + "vendor_name": "LibRaw" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secuniaresearch.flexerasoftware.com/advisories/75000/", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com/advisories/75000/" - }, - { - "name" : "https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716", - "refsource" : "CONFIRM", - "url" : "https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow error within the \"foveon_load_camf()\" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://secuniaresearch.flexerasoftware.com/advisories/75000/", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com/advisories/75000/" + }, + { + "name": "https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716", + "refsource": "CONFIRM", + "url": "https://github.com/LibRaw/LibRaw-demosaic-pack-GPL2/commit/194f592e205990ea8fce72b6c571c14350aca716" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7673.json b/2017/7xxx/CVE-2017-7673.json index 5af421dbf67..19a09ffa5d7 100644 --- a/2017/7xxx/CVE-2017-7673.json +++ b/2017/7xxx/CVE-2017-7673.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-7673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache OpenMeetings", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-7673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache OpenMeetings", + "version": { + "version_data": [ + { + "version_value": "1.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords", - "refsource" : "MLIST", - "url" : "http://markmail.org/message/3hshl26omwjo6c5i" - }, - { - "name" : "99587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords", + "refsource": "MLIST", + "url": "http://markmail.org/message/3hshl26omwjo6c5i" + }, + { + "name": "99587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99587" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7990.json b/2017/7xxx/CVE-2017-7990.json index e57a9c47306..16a954afae3 100644 --- a/2017/7xxx/CVE-2017-7990.json +++ b/2017/7xxx/CVE-2017-7990.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openmrs/openmrs-module-reporting/pull/141/commits/0023a659288538d2763835847d3414ecb18b931a#diff-50e25eddc5909110fa3d31090877c2fd", - "refsource" : "MISC", - "url" : "https://github.com/openmrs/openmrs-module-reporting/pull/141/commits/0023a659288538d2763835847d3414ecb18b931a#diff-50e25eddc5909110fa3d31090877c2fd" - }, - { - "name" : "https://www.youtube.com/watch?v=pfrIaNvIuFY", - "refsource" : "MISC", - "url" : "https://www.youtube.com/watch?v=pfrIaNvIuFY" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.youtube.com/watch?v=pfrIaNvIuFY", + "refsource": "MISC", + "url": "https://www.youtube.com/watch?v=pfrIaNvIuFY" + }, + { + "name": "https://github.com/openmrs/openmrs-module-reporting/pull/141/commits/0023a659288538d2763835847d3414ecb18b931a#diff-50e25eddc5909110fa3d31090877c2fd", + "refsource": "MISC", + "url": "https://github.com/openmrs/openmrs-module-reporting/pull/141/commits/0023a659288538d2763835847d3414ecb18b931a#diff-50e25eddc5909110fa3d31090877c2fd" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8002.json b/2017/8xxx/CVE-2017-8002.json index 215244cd0e8..0550ff1e093 100644 --- a/2017/8xxx/CVE-2017-8002.json +++ b/2017/8xxx/CVE-2017-8002.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Data Protection Advisor prior to 6.4", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Data Protection Advisor prior to 6.4" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Multiple Blind SQL Injection Vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Data Protection Advisor prior to 6.4", + "version": { + "version_data": [ + { + "version_value": "EMC Data Protection Advisor prior to 6.4" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/12", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/12" - }, - { - "name" : "99487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99487" - }, - { - "name" : "1038841", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple Blind SQL Injection Vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/12", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Jul/12" + }, + { + "name": "1038841", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038841" + }, + { + "name": "99487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99487" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8293.json b/2017/8xxx/CVE-2017-8293.json index 75926503e9d..17751550ca3 100644 --- a/2017/8xxx/CVE-2017-8293.json +++ b/2017/8xxx/CVE-2017-8293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8730.json b/2017/8xxx/CVE-2017-8730.json index ae8d56fb7a0..8b033665bc3 100644 --- a/2017/8xxx/CVE-2017-8730.json +++ b/2017/8xxx/CVE-2017-8730.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10143.json b/2018/10xxx/CVE-2018-10143.json index d4b7c07a3af..82001232532 100644 --- a/2018/10xxx/CVE-2018-10143.json +++ b/2018/10xxx/CVE-2018-10143.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@paloaltonetworks.com", - "ID" : "CVE-2018-10143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Palo Alto Networks Expedition", - "version" : { - "version_data" : [ - { - "version_value" : "Expedition 1.0.107 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Palo Alto Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@paloaltonetworks.com", + "ID": "CVE-2018-10143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Palo Alto Networks Expedition", + "version": { + "version_data": [ + { + "version_value": "Expedition 1.0.107 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Palo Alto Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/", - "refsource" : "MISC", - "url" : "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/" - }, - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/138", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/138" - }, - { - "name" : "106174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106174" + }, + { + "name": "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/", + "refsource": "MISC", + "url": "https://doddsecurity.com/234/command-injection-on-palo-alto-networks-expedition/" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/138", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/138" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10531.json b/2018/10xxx/CVE-2018-10531.json index 60f410b50ec..d3669714d89 100644 --- a/2018/10xxx/CVE-2018-10531.json +++ b/2018/10xxx/CVE-2018-10531.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10531", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10531", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10599.json b/2018/10xxx/CVE-2018-10599.json index ade4e27e7ce..a8c91b11076 100644 --- a/2018/10xxx/CVE-2018-10599.json +++ b/2018/10xxx/CVE-2018-10599.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2018-10599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors", - "version" : { - "version_data" : [ - { - "version_value" : "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INFORMATION EXPOSURE CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2018-10599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors", + "version": { + "version_data": [ + { + "version_value": "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INFORMATION EXPOSURE CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10879.json b/2018/10xxx/CVE-2018-10879.json index dda4d2c7aa8..66a9588cba4 100644 --- a/2018/10xxx/CVE-2018-10879.json +++ b/2018/10xxx/CVE-2018-10879.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.2/CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "http://patchwork.ozlabs.org/patch/928666/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.ozlabs.org/patch/928666/" - }, - { - "name" : "http://patchwork.ozlabs.org/patch/928667/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.ozlabs.org/patch/928667/" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200001", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200001" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "USN-3753-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-1/" - }, - { - "name" : "USN-3753-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-2/" - }, - { - "name" : "USN-3871-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-1/" - }, - { - "name" : "USN-3871-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-3/" - }, - { - "name" : "USN-3871-4", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-4/" - }, - { - "name" : "USN-3871-5", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3871-5/" - }, - { - "name" : "104902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.2/CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "USN-3753-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-2/" + }, + { + "name": "USN-3871-5", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-5/" + }, + { + "name": "USN-3871-4", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-4/" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "104902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104902" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879" + }, + { + "name": "http://patchwork.ozlabs.org/patch/928666/", + "refsource": "CONFIRM", + "url": "http://patchwork.ozlabs.org/patch/928666/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d" + }, + { + "name": "USN-3871-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-1/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + }, + { + "name": "USN-3753-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-1/" + }, + { + "name": "USN-3871-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3871-3/" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=200001", + "refsource": "CONFIRM", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200001" + }, + { + "name": "http://patchwork.ozlabs.org/patch/928667/", + "refsource": "CONFIRM", + "url": "http://patchwork.ozlabs.org/patch/928667/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13002.json b/2018/13xxx/CVE-2018-13002.json index b27378fde30..abcb3be8abc 100644 --- a/2018/13xxx/CVE-2018-13002.json +++ b/2018/13xxx/CVE-2018-13002.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=2121", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=2121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=2121", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=2121" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13108.json b/2018/13xxx/CVE-2018-13108.json index 206669ac572..71320a81b52 100644 --- a/2018/13xxx/CVE-2018-13108.json +++ b/2018/13xxx/CVE-2018-13108.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/542117/100/0/threaded" - }, - { - "name" : "44983", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44983/" - }, - { - "name" : "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/17" - }, - { - "name" : "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/17" + }, + { + "name": "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html" + }, + { + "name": "44983", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44983/" + }, + { + "name": "20180704 SEC Consult SA-20180704-0 :: Local root jailbreak via network file sharing flaw in all ADB Broadband Gateways / Routers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/542117/100/0/threaded" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13138.json b/2018/13xxx/CVE-2018-13138.json index dd2c6fa245a..26d9f3abf82 100644 --- a/2018/13xxx/CVE-2018-13138.json +++ b/2018/13xxx/CVE-2018-13138.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13138", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13138", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13569.json b/2018/13xxx/CVE-2018-13569.json index 211ab49806b..6d8919b3421 100644 --- a/2018/13xxx/CVE-2018-13569.json +++ b/2018/13xxx/CVE-2018-13569.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HitToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HitToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for HitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HitToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HitToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13703.json b/2018/13xxx/CVE-2018-13703.json index 4e9065a1570..077d1d8160a 100644 --- a/2018/13xxx/CVE-2018-13703.json +++ b/2018/13xxx/CVE-2018-13703.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CERB_Coin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CERB_Coin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CERB_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CERB_Coin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CERB_Coin" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17095.json b/2018/17xxx/CVE-2018-17095.json index 8c98310eba6..f500b563359 100644 --- a/2018/17xxx/CVE-2018-17095.json +++ b/2018/17xxx/CVE-2018-17095.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mpruett/audiofile/issues/50", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/50" - }, - { - "name" : "https://github.com/mpruett/audiofile/issues/51", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/51" - }, - { - "name" : "USN-3800-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3800-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mpruett/audiofile/issues/50", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/50" + }, + { + "name": "USN-3800-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3800-1/" + }, + { + "name": "https://github.com/mpruett/audiofile/issues/51", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/51" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17192.json b/2018/17xxx/CVE-2018-17192.json index 5c055b08382..a0cb6dd0ce4 100644 --- a/2018/17xxx/CVE-2018-17192.json +++ b/2018/17xxx/CVE-2018-17192.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2018-17192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache NiFi", - "version" : { - "version_data" : [ - { - "version_value" : "Apache NiFi 1.0.0 - 1.7.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Clickjacking" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2018-17192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 1.0.0 - 1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nifi.apache.org/security.html#CVE-2018-17192", - "refsource" : "CONFIRM", - "url" : "https://nifi.apache.org/security.html#CVE-2018-17192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Clickjacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nifi.apache.org/security.html#CVE-2018-17192", + "refsource": "CONFIRM", + "url": "https://nifi.apache.org/security.html#CVE-2018-17192" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17348.json b/2018/17xxx/CVE-2018-17348.json index efeeed733cf..f9a5b266e12 100644 --- a/2018/17xxx/CVE-2018-17348.json +++ b/2018/17xxx/CVE-2018-17348.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17348", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17348", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17550.json b/2018/17xxx/CVE-2018-17550.json index c4da4ca7e72..e5fcdef8633 100644 --- a/2018/17xxx/CVE-2018-17550.json +++ b/2018/17xxx/CVE-2018-17550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17838.json b/2018/17xxx/CVE-2018-17838.json index 950e373b5ba..1927f0c88fd 100644 --- a/2018/17xxx/CVE-2018-17838.json +++ b/2018/17xxx/CVE-2018-17838.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-read", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-read" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in JTBC(PHP) 3.0.1.6. Arbitrary file read operations are possible via a /console/#/console/file/manage.php?type=list&path=c:/ substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-read", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/JTBC/blob/master/README.md#arbitrary-file-read" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20103.json b/2018/20xxx/CVE-2018-20103.json index 18b967973dc..fc4f3ee0d83 100644 --- a/2018/20xxx/CVE-2018-20103.json +++ b/2018/20xxx/CVE-2018-20103.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20103", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20103", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25", - "refsource" : "MISC", - "url" : "http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25" - }, - { - "name" : "RHBA-2019:0326", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHBA-2019:0326" - }, - { - "name" : "USN-3858-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3858-1/" - }, - { - "name" : "106280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106280" + }, + { + "name": "USN-3858-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3858-1/" + }, + { + "name": "RHBA-2019:0326", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHBA-2019:0326" + }, + { + "name": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25", + "refsource": "MISC", + "url": "http://git.haproxy.org/?p=haproxy.git;a=commit;h=58df5aea0a0c926b2238f65908f5e9f83d1cca25" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20555.json b/2018/20xxx/CVE-2018-20555.json index 53f5d52d6db..dcde430eb00 100644 --- a/2018/20xxx/CVE-2018-20555.json +++ b/2018/20xxx/CVE-2018-20555.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9188.json b/2018/9xxx/CVE-2018-9188.json index 1b173639cde..8aa0870e0c3 100644 --- a/2018/9xxx/CVE-2018-9188.json +++ b/2018/9xxx/CVE-2018-9188.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9188", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9188", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9483.json b/2018/9xxx/CVE-2018-9483.json index 96c900e5b44..249edbe7a6a 100644 --- a/2018/9xxx/CVE-2018-9483.json +++ b/2018/9xxx/CVE-2018-9483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9483", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9483", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9787.json b/2018/9xxx/CVE-2018-9787.json index 5cd1cf9da6f..69a04aff0fc 100644 --- a/2018/9xxx/CVE-2018-9787.json +++ b/2018/9xxx/CVE-2018-9787.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9787", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9787", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9808.json b/2018/9xxx/CVE-2018-9808.json index a6f10e47b27..695fa4a5530 100644 --- a/2018/9xxx/CVE-2018-9808.json +++ b/2018/9xxx/CVE-2018-9808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9808", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9808", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9930.json b/2018/9xxx/CVE-2018-9930.json index 8dd3b04b447..b77c8595136 100644 --- a/2018/9xxx/CVE-2018-9930.json +++ b/2018/9xxx/CVE-2018-9930.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9930", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9930", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9954.json b/2018/9xxx/CVE-2018-9954.json index 9137a3ff024..bf51b12a591 100644 --- a/2018/9xxx/CVE-2018-9954.json +++ b/2018/9xxx/CVE-2018-9954.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5529." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-338", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-338" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5529." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-338", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-338" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file