From 3820275531c6178704bc5f1ff1dd521b6a27d680 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:57:09 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/0xxx/CVE-2002-0194.json | 34 ++---
 2002/0xxx/CVE-2002-0331.json | 140 ++++++++++-----------
 2002/1xxx/CVE-2002-1185.json | 190 ++++++++++++++--------------
 2002/1xxx/CVE-2002-1208.json | 34 ++---
 2003/0xxx/CVE-2003-0219.json | 150 +++++++++++-----------
 2003/0xxx/CVE-2003-0950.json | 140 ++++++++++-----------
 2003/1xxx/CVE-2003-1200.json | 180 +++++++++++++-------------
 2003/1xxx/CVE-2003-1444.json | 130 +++++++++----------
 2003/1xxx/CVE-2003-1549.json | 190 ++++++++++++++--------------
 2004/2xxx/CVE-2004-2305.json | 140 ++++++++++-----------
 2012/0xxx/CVE-2012-0059.json | 130 +++++++++----------
 2012/0xxx/CVE-2012-0293.json | 140 ++++++++++-----------
 2012/0xxx/CVE-2012-0324.json | 150 +++++++++++-----------
 2012/0xxx/CVE-2012-0751.json | 150 +++++++++++-----------
 2012/0xxx/CVE-2012-0893.json | 34 ++---
 2012/1xxx/CVE-2012-1360.json | 34 ++---
 2012/1xxx/CVE-2012-1545.json | 150 +++++++++++-----------
 2012/1xxx/CVE-2012-1825.json | 130 +++++++++----------
 2012/4xxx/CVE-2012-4587.json | 130 +++++++++----------
 2012/4xxx/CVE-2012-4855.json | 150 +++++++++++-----------
 2012/5xxx/CVE-2012-5479.json | 160 +++++++++++------------
 2012/5xxx/CVE-2012-5617.json | 34 ++---
 2017/2xxx/CVE-2017-2209.json | 156 +++++++++++------------
 2017/2xxx/CVE-2017-2551.json | 138 ++++++++++----------
 2017/3xxx/CVE-2017-3065.json | 140 ++++++++++-----------
 2017/3xxx/CVE-2017-3117.json | 160 +++++++++++------------
 2017/3xxx/CVE-2017-3127.json | 140 ++++++++++-----------
 2017/3xxx/CVE-2017-3517.json | 132 +++++++++----------
 2017/3xxx/CVE-2017-3745.json | 120 +++++++++---------
 2017/3xxx/CVE-2017-3902.json | 140 ++++++++++-----------
 2017/6xxx/CVE-2017-6409.json | 140 ++++++++++-----------
 2017/6xxx/CVE-2017-6430.json | 170 ++++++++++++-------------
 2017/6xxx/CVE-2017-6972.json | 150 +++++++++++-----------
 2017/7xxx/CVE-2017-7190.json | 34 ++---
 2017/7xxx/CVE-2017-7203.json | 130 +++++++++----------
 2017/7xxx/CVE-2017-7457.json | 140 ++++++++++-----------
 2017/7xxx/CVE-2017-7588.json | 130 +++++++++----------
 2017/7xxx/CVE-2017-7886.json | 120 +++++++++---------
 2017/8xxx/CVE-2017-8220.json | 120 +++++++++---------
 2018/10xxx/CVE-2018-10362.json | 130 +++++++++----------
 2018/10xxx/CVE-2018-10782.json | 34 ++---
 2018/10xxx/CVE-2018-10792.json | 34 ++---
 2018/14xxx/CVE-2018-14647.json | 224 ++++++++++++++++-----------------
 2018/14xxx/CVE-2018-14693.json | 34 ++---
 2018/17xxx/CVE-2018-17062.json | 120 +++++++++---------
 2018/17xxx/CVE-2018-17249.json | 34 ++---
 2018/17xxx/CVE-2018-17281.json | 210 +++++++++++++++----------------
 2018/17xxx/CVE-2018-17601.json | 34 ++---
 2018/17xxx/CVE-2018-17682.json | 130 +++++++++----------
 2018/17xxx/CVE-2018-17955.json | 184 +++++++++++++--------------
 2018/20xxx/CVE-2018-20167.json | 140 ++++++++++-----------
 2018/20xxx/CVE-2018-20175.json | 150 ++++++++++++----------
 2018/20xxx/CVE-2018-20382.json | 130 +++++++++----------
 2018/20xxx/CVE-2018-20699.json | 140 ++++++++++-----------
 2018/9xxx/CVE-2018-9352.json | 34 ++---
 2018/9xxx/CVE-2018-9867.json | 130 +++++++++----------
 56 files changed, 3446 insertions(+), 3426 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0194.json b/2002/0xxx/CVE-2002-0194.json
index 1a6774d7948..fa598a07b29 100644
--- a/2002/0xxx/CVE-2002-0194.json
+++ b/2002/0xxx/CVE-2002-0194.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0194",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0194",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0331.json b/2002/0xxx/CVE-2002-0331.json
index e08be0ad8c8..75f62d2a74f 100644
--- a/2002/0xxx/CVE-2002-0331.json
+++ b/2002/0xxx/CVE-2002-0331.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0331",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0331",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020227 BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101486044323352&w=2"
- },
- {
- "name" : "bpm-http-directory-traversal(8300)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8300.php"
- },
- {
- "name" : "4198",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4198"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "4198",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4198"
+ },
+ {
+ "name": "bpm-http-directory-traversal(8300)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8300.php"
+ },
+ {
+ "name": "20020227 BPM STUDIO PRO 4.2 DIRECTORY ESCAPE VULNERABILITY",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101486044323352&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1185.json b/2002/1xxx/CVE-2002-1185.json
index cbe0699d8c5..9a44ce84ef2 100644
--- a/2002/1xxx/CVE-2002-1185.json
+++ b/2002/1xxx/CVE-2002-1185.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1185",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1185",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html"
- },
- {
- "name" : "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=103970996205091&w=2"
- },
- {
- "name" : "AD20021211",
- "refsource" : "EEYE",
- "url" : "http://www.eeye.com/html/Research/Advisories/AD20021211.html"
- },
- {
- "name" : "MS02-066",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
- },
- {
- "name" : "ie-png-bo(10662)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10662.php"
- },
- {
- "name" : "6216",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6216"
- },
- {
- "name" : "oval:org.mitre.oval:def:393",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393"
- },
- {
- "name" : "oval:org.mitre.oval:def:542",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka \"Malformed PNG Image File Failure.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MS02-066",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
+ },
+ {
+ "name": "6216",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6216"
+ },
+ {
+ "name": "AD20021211",
+ "refsource": "EEYE",
+ "url": "http://www.eeye.com/html/Research/Advisories/AD20021211.html"
+ },
+ {
+ "name": "20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=103970996205091&w=2"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:542",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542"
+ },
+ {
+ "name": "ie-png-bo(10662)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10662.php"
+ },
+ {
+ "name": "20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:393",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1208.json b/2002/1xxx/CVE-2002-1208.json
index 645bced8166..1755df4b05d 100644
--- a/2002/1xxx/CVE-2002-1208.json
+++ b/2002/1xxx/CVE-2002-1208.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1208",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1208",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0219.json b/2003/0xxx/CVE-2003-0219.json
index 36ac3cedae6..0dc4e004525 100644
--- a/2003/0xxx/CVE-2003-0219.json
+++ b/2003/0xxx/CVE-2003-0219.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0219",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0219",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105155734411836&w=2"
- },
- {
- "name" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10",
- "refsource" : "MISC",
- "url" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10"
- },
- {
- "name" : "VU#641012",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/641012"
- },
- {
- "name" : "7179",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/7179"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "7179",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/7179"
+ },
+ {
+ "name": "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105155734411836&w=2"
+ },
+ {
+ "name": "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10",
+ "refsource": "MISC",
+ "url": "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10"
+ },
+ {
+ "name": "VU#641012",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/641012"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0950.json b/2003/0xxx/CVE-2003-0950.json
index c829c369888..bdc93103a5b 100644
--- a/2003/0xxx/CVE-2003-0950.json
+++ b/2003/0xxx/CVE-2003-0950.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0950",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0950",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20031112 IClient Servlet Remote Command Execution Vulnerability",
- "refsource" : "ISS",
- "url" : "http://xforce.iss.net/xforce/alerts/id/157"
- },
- {
- "name" : "9041",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/9041"
- },
- {
- "name" : "peoplesoft-iclientservlet-file-upload(12805)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12805"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20031112 IClient Servlet Remote Command Execution Vulnerability",
+ "refsource": "ISS",
+ "url": "http://xforce.iss.net/xforce/alerts/id/157"
+ },
+ {
+ "name": "peoplesoft-iclientservlet-file-upload(12805)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12805"
+ },
+ {
+ "name": "9041",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/9041"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1200.json b/2003/1xxx/CVE-2003-1200.json
index 7764b151253..bb2365ccf1a 100644
--- a/2003/1xxx/CVE-2003-1200.json
+++ b/2003/1xxx/CVE-2003-1200.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1200",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1200",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20031229 [Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/348454"
- },
- {
- "name" : "http://hat-squad.com/bugreport/mdaemon-raw.txt",
- "refsource" : "MISC",
- "url" : "http://hat-squad.com/bugreport/mdaemon-raw.txt"
- },
- {
- "name" : "20040314 Rosiello Security's exploit for MDaemon",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=107936753929354&w=2"
- },
- {
- "name" : "9317",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/9317"
- },
- {
- "name" : "3255",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/3255"
- },
- {
- "name" : "10512",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/10512"
- },
- {
- "name" : "mdaemon-form2raw-from-bo(14097)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14097"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "mdaemon-form2raw-from-bo(14097)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14097"
+ },
+ {
+ "name": "3255",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/3255"
+ },
+ {
+ "name": "http://hat-squad.com/bugreport/mdaemon-raw.txt",
+ "refsource": "MISC",
+ "url": "http://hat-squad.com/bugreport/mdaemon-raw.txt"
+ },
+ {
+ "name": "10512",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/10512"
+ },
+ {
+ "name": "20031229 [Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/348454"
+ },
+ {
+ "name": "9317",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/9317"
+ },
+ {
+ "name": "20040314 Rosiello Security's exploit for MDaemon",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=107936753929354&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1444.json b/2003/1xxx/CVE-2003-1444.json
index affa3fc06af..d707c778f92 100644
--- a/2003/1xxx/CVE-2003-1444.json
+++ b/2003/1xxx/CVE-2003-1444.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1444",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1444",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
- },
- {
- "name" : "kav-long-path-dos(11291)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11291"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html"
+ },
+ {
+ "name": "kav-long-path-dos(11291)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11291"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1549.json b/2003/1xxx/CVE-2003-1549.json
index 0bafe0e0367..18aff2ec392 100644
--- a/2003/1xxx/CVE-2003-1549.json
+++ b/2003/1xxx/CVE-2003-1549.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1549",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1549",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/315317/30/25460/threaded"
- },
- {
- "name" : "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip",
- "refsource" : "MISC",
- "url" : "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip"
- },
- {
- "name" : "http://www.webmaster-mag.net/?module=distridoc&idCat=3",
- "refsource" : "MISC",
- "url" : "http://www.webmaster-mag.net/?module=distridoc&idCat=3"
- },
- {
- "name" : "7127",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/7127"
- },
- {
- "name" : "1006308",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1006308"
- },
- {
- "name" : "8320",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/8320"
- },
- {
- "name" : "3717",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/3717"
- },
- {
- "name" : "myabracadaweb-index-makw-xss(11557)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11557"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1006308",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1006308"
+ },
+ {
+ "name": "7127",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/7127"
+ },
+ {
+ "name": "20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/315317/30/25460/threaded"
+ },
+ {
+ "name": "http://www.webmaster-mag.net/?module=distridoc&idCat=3",
+ "refsource": "MISC",
+ "url": "http://www.webmaster-mag.net/?module=distridoc&idCat=3"
+ },
+ {
+ "name": "myabracadaweb-index-makw-xss(11557)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11557"
+ },
+ {
+ "name": "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip",
+ "refsource": "MISC",
+ "url": "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip"
+ },
+ {
+ "name": "3717",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/3717"
+ },
+ {
+ "name": "8320",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/8320"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/2xxx/CVE-2004-2305.json b/2004/2xxx/CVE-2004-2305.json
index 939199267bd..6b4c74fbd6d 100644
--- a/2004/2xxx/CVE-2004-2305.json
+++ b/2004/2xxx/CVE-2004-2305.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9665" - }, - { - "name" : "1009074", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Feb/1009074.html" - }, - { - "name" : "etrust-antivirus-scan-bypass(15230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in 
a ZIP file, which causes eTrust to scan only the password protected file and skip the other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "etrust-antivirus-scan-bypass(15230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15230" + }, + { + "name": "1009074", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Feb/1009074.html" + }, + { + "name": "9665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9665" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0059.json b/2012/0xxx/CVE-2012-0059.json index e47d71a1c4e..298c08a8bd5 100644 --- a/2012/0xxx/CVE-2012-0059.json +++ b/2012/0xxx/CVE-2012-0059.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2012:0101", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0101.html" - }, - { - "name" : "RHSA-2012:0102", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0102.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the 
server log and (2) an email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:0101", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html" + }, + { + "name": "RHSA-2012:0102", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0102.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0293.json b/2012/0xxx/CVE-2012-0293.json index 8e31dbafd04..ebac0d43bbe 100644 --- a/2012/0xxx/CVE-2012-0293.json +++ b/2012/0xxx/CVE-2012-0293.json 
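Review bot: The only substantive change in this hunk for CVE-2012-0059 is `"ASSIGNER"` moving from `cve@mitre.org` to `secalert@redhat.com`, and it is buried in a whole-file rewrite that otherwise only changes the spacing around colons and the indentation. ASSIGNER is the record's provenance field, so a reassignment should be reviewable on its own; the same pattern is visible in the hunks for CVE-2012-0324 (`vultures@jpcert.or.jp`), CVE-2012-0751 (`psirt@adobe.com`), CVE-2012-1825 (`cert@cert.org`), CVE-2012-4855 (`psirt@us.ibm.com`) and CVE-2012-5479 (`secalert@redhat.com`). I would land the formatting change as a separate commit and name the assigner updates in the subject rather than `"-Synchronized-Data."`. Several hunks here also appear to reorder `reference_data` without changing its entries, and each rewritten file visible here ends with `\ No newline at end of file`; a stable sort for that array and a trailing newline from the serializer would keep later syncs down to real changes.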
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00" - }, - { - "name" : "52392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52392" - }, - { - "name" : "80201", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Symantec Altiris WISE 
Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80201", + "refsource": "OSVDB", + "url": "http://osvdb.org/80201" + }, + { + "name": "52392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52392" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0324.json b/2012/0xxx/CVE-2012-0324.json index 133d908ea26..086eabe47a4 100644 --- a/2012/0xxx/CVE-2012-0324.json +++ b/2012/0xxx/CVE-2012-0324.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-0324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb", - "refsource" : "CONFIRM", - "url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb" - }, - { - "name" : "JVN#14791558", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN14791558/index.html" - }, - { - "name" : "JVNDB-2012-000022", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022" - }, - { - "name" : "52384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000022", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000022" + }, + { + "name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb", + "refsource": "CONFIRM", + "url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb" + }, + { + "name": "52384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52384" + }, + { + "name": "JVN#14791558", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN14791558/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0751.json b/2012/0xxx/CVE-2012-0751.json index ce578d273c1..15d1c40376b 100644 --- a/2012/0xxx/CVE-2012-0751.json +++ b/2012/0xxx/CVE-2012-0751.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-03.html" - }, - { - "name" : "openSUSE-SU-2012:0265", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html" - }, - { - "name" : "oval:org.mitre.oval:def:14985", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14985" - }, - { - "name" : "48265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0265", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html" + }, + { + "name": "48265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48265" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-03.html" + }, + { + "name": "oval:org.mitre.oval:def:14985", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14985" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0893.json b/2012/0xxx/CVE-2012-0893.json index 34092cbcf6c..73e91e28f1c 100644 --- a/2012/0xxx/CVE-2012-0893.json +++ b/2012/0xxx/CVE-2012-0893.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0893", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0893", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1360.json b/2012/1xxx/CVE-2012-1360.json index f157ac3d147..46ff0a8abe5 100644 --- a/2012/1xxx/CVE-2012-1360.json +++ b/2012/1xxx/CVE-2012-1360.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1360", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1360", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1545.json b/2012/1xxx/CVE-2012-1545.json index 535923cc2cc..23bbe15364d 100644 --- a/2012/1xxx/CVE-2012-1545.json +++ b/2012/1xxx/CVE-2012-1545.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars", - "refsource" : "MISC", - "url" : "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" - }, - { - "name" : "http://pwn2own.zerodayinitiative.com/status.html", - "refsource" : "MISC", - "url" : "http://pwn2own.zerodayinitiative.com/status.html" - }, - { - "name" : "http://twitter.com/vupen/statuses/177895844828291073", - "refsource" : "MISC", - "url" : "http://twitter.com/vupen/statuses/177895844828291073" - }, - { - "name" : 
"http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621", - "refsource" : "MISC", - "url" : "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pwn2own.zerodayinitiative.com/status.html", + "refsource": "MISC", + "url": "http://pwn2own.zerodayinitiative.com/status.html" + }, + { + "name": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars", + "refsource": "MISC", + "url": "http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars" + }, + { + "name": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621", + "refsource": "MISC", + "url": "http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621" + }, + { + "name": "http://twitter.com/vupen/statuses/177895844828291073", + "refsource": "MISC", + "url": "http://twitter.com/vupen/statuses/177895844828291073" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1825.json b/2012/1xxx/CVE-2012-1825.json index b9630aa8447..e80df9bdc3f 100644 --- a/2012/1xxx/CVE-2012-1825.json +++ b/2012/1xxx/CVE-2012-1825.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ" - }, - { - "name" : "VU#815532", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/815532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via 
(1) the loginname parameter in a forgotpass action or (2) the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#815532", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/815532" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4587.json b/2012/4xxx/CVE-2012-4587.json index dd56b12a5b6..5bb458c1bce 100644 --- a/2012/4xxx/CVE-2012-4587.json +++ b/2012/4xxx/CVE-2012-4587.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10021", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10021" - }, - { - "name" : "mcafee-emm-dnssrv-spoofing(78130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time 
provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mcafee-emm-dnssrv-spoofing(78130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78130" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4855.json b/2012/4xxx/CVE-2012-4855.json index 5b56cf19ec4..0d8feea65d3 100644 --- a/2012/4xxx/CVE-2012-4855.json +++ b/2012/4xxx/CVE-2012-4855.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21618720", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21618720" - }, - { - "name" : "JR44528", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR44528" - }, - { - "name" : "JR45471", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45471" - }, - { - "name" : "websphere-commerce-web-dos(79735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR44528", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR44528" + }, + { + "name": "JR45471", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45471" + }, + { + "name": "websphere-commerce-web-dos(79735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79735" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21618720", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21618720" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5479.json b/2012/5xxx/CVE-2012-5479.json index 2fc053f2730..9c690b481e8 100644 --- a/2012/5xxx/CVE-2012-5479.json +++ b/2012/5xxx/CVE-2012-5479.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121119 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/11/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33791", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33791" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36346", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36346" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=216159", - "refsource" : "CONFIRM", - "url" : 
"https://moodle.org/mod/forum/discuss.php?d=216159" - }, - { - "name" : "56505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56505" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=216159", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=216159" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36346", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36346" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33791", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33791" + }, + { + "name": "[oss-security] 20121119 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/11/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5617.json b/2012/5xxx/CVE-2012-5617.json index dde4f437e87..b923596edaa 100644 --- a/2012/5xxx/CVE-2012-5617.json +++ b/2012/5xxx/CVE-2012-5617.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5617", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5617", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2209.json b/2017/2xxx/CVE-2017-2209.json index 69f4bc0e2b3..f197344d897 100644 --- a/2017/2xxx/CVE-2017-2209.json +++ b/2017/2xxx/CVE-2017-2209.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of Houkokusyo Sakusei Shien Tool", - "version" : { - "version_data" : [ - { - "version_value" : "ver3.0.2(For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18)" - }, - { - "version_value" : "ver2.0 and later(For new installations) (The versions which were available on the website prior to 2017 April 4)" - } - ] - } - } - ] - }, - "vendor_name" : "Ministry of the Environment" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of Houkokusyo Sakusei Shien Tool", + "version": { + "version_data": [ + { + "version_value": "ver3.0.2(For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18)" + }, + { + "version_value": "ver2.0 and later(For new installations) (The versions which were available on the website prior to 2017 April 4)" + } + ] + } + } + ] + }, + "vendor_name": "Ministry of the Environment" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ghg-santeikohyo.env.go.jp/tool", - "refsource" : "MISC", - "url" : "http://ghg-santeikohyo.env.go.jp/tool" - }, - { - "name" : "http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdf", - "refsource" : "CONFIRM", - "url" : "http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdf" - }, - { - "name" : "http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdf", - "refsource" : "CONFIRM", - "url" : "http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdf" - }, - { - "name" : "JVN#24087303", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN24087303/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website 
prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdf", + "refsource": "CONFIRM", + "url": "http://ghg-santeikohyo.env.go.jp/files/system/report_20170529_rev.pdf" + }, + { + "name": "http://ghg-santeikohyo.env.go.jp/tool", + "refsource": "MISC", + "url": "http://ghg-santeikohyo.env.go.jp/tool" + }, + { + "name": "JVN#24087303", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN24087303/index.html" + }, + { + "name": "http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdf", + "refsource": "CONFIRM", + "url": "http://ghg-santeikohyo.env.go.jp/files/system/report_20170526.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2551.json b/2017/2xxx/CVE-2017-2551.json index c21d018fd82..bcbddc09aeb 100644 --- a/2017/2xxx/CVE-2017-2551.json +++ b/2017/2xxx/CVE-2017-2551.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "larry0@me.com", - "DATE_ASSIGNED" : "2017-09-08", - "ID" : "CVE-2017-2551", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "backwpup", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "3.4.1" - } - ] - } - } - ] - }, - "vendor_name" : "Inpsyde" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Vulnerability in Wordpress Plugin backwpup v3.4.1 possible brute forcing of backup file download" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2017-09-08", + "ID": "CVE-2017-2551", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "backwpup", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "3.4.1" + } + ] + } + } + ] + }, + "vendor_name": "Inpsyde" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=201", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=201" - }, - { - "name" : "https://wordpress.org/plugins/backwpup/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/backwpup/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Vulnerability in Wordpress Plugin backwpup v3.4.1 possible brute forcing of backup file download" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/backwpup/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/backwpup/#developers" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=201", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=201" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3065.json b/2017/3xxx/CVE-2017-3065.json index c62774671a3..a7e2735d4e6 100644 --- a/2017/3xxx/CVE-2017-3065.json +++ b/2017/3xxx/CVE-2017-3065.json 
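Review bot: The affected-version data for CVE-2017-2551 disagrees with itself on the new side: `description` says BackWPup "before v3.4.2", while `version_data` carries `"version_affected": "<"` with `"version_value": "3.4.1"` and `problemtype` names v3.4.1. A consumer that matches on `version_data` would treat 3.4.1 as unaffected, whereas the description implies it is affected. The hunk only reflows the file and reorders the references, so these values are carried over unchanged; once checked against the referenced advisory the fields should be aligned, e.g. `"version_value": "3.4.2"` if the description is the correct one. `DATE_ASSIGNED` (2017-09-08) is also later than `UPDATED` (2017-08-10T14:41Z), which may be a data-entry slip and is worth confirming at the same time.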
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97556" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97556" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3117.json b/2017/3xxx/CVE-2017-3117.json index e72a3975fa0..3c186b0e211 100644 --- a/2017/3xxx/CVE-2017-3117.json +++ b/2017/3xxx/CVE-2017-3117.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-3117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-3117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100180" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100180" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3127.json b/2017/3xxx/CVE-2017-3127.json index 1a2f159dfb4..b55c75aecf6 100644 --- a/2017/3xxx/CVE-2017-3127.json +++ b/2017/3xxx/CVE-2017-3127.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2017-3127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Execution of unauthorized code or commands" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2017-3127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-17-017", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-17-017" - }, - { - "name" : "98048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98048" - }, - { - "name" : "1038367", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during 
Firewall Policy Creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution of unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98048" + }, + { + "name": "https://fortiguard.com/psirt/FG-IR-17-017", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-17-017" + }, + { + "name": "1038367", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038367" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3517.json b/2017/3xxx/CVE-2017-3517.json index 90724c89c58..f5bb8a3edbb 100644 --- a/2017/3xxx/CVE-2017-3517.json +++ b/2017/3xxx/CVE-2017-3517.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JD Edwards EnterpriseOne Tools", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "9.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "JD Edwards EnterpriseOne Tools", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). The supported version that is affected is 9.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97722" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3745.json b/2017/3xxx/CVE-2017-3745.json index 9c2872a1b56..6cfc366601e 100644 --- a/2017/3xxx/CVE-2017-3745.json +++ b/2017/3xxx/CVE-2017-3745.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "ID" : "CVE-2017-3745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "XClarity Administrator", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Disclosure of credentials to a non-administrative user" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "ID": "CVE-2017-3745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XClarity Administrator", + "version": { + "version_data": [ + { + "version_value": "1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-13671", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-13671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Disclosure of credentials to a non-administrative user" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-13671", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-13671" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3902.json b/2017/3xxx/CVE-2017-3902.json index ab8df3724e8..e6027198dbb 100644 --- a/2017/3xxx/CVE-2017-3902.json +++ b/2017/3xxx/CVE-2017-3902.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-3902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ePO", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.3, 5.1.2, 5.1.1, and 5.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-3902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ePO", + "version": { + "version_data": [ + { + "version_value": "5.1.3, 5.1.2, 5.1.1, and 5.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10184", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10184" - }, - { - "name" : "96465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96465" - }, - { - "name" : "1037628", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web user 
interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96465" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10184", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10184" + }, + { + "name": "1037628", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037628" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6409.json b/2017/6xxx/CVE-2017-6409.json index 78e2d241029..8785a0c0be9 100644 --- a/2017/6xxx/CVE-2017-6409.json +++ b/2017/6xxx/CVE-2017-6409.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11" - }, - { - "name" : "96504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96504" - }, - { - "name" : "1037950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96504" + }, + { + "name": "1037950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037950" + }, + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6430.json b/2017/6xxx/CVE-2017-6430.json index 8c75e9cc35f..cef4e5c0bc1 100644 --- a/2017/6xxx/CVE-2017-6430.json +++ b/2017/6xxx/CVE-2017-6430.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170306 CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/540223/100/0/threaded" - }, - { - "name" : "https://github.com/Ettercap/ettercap/issues/782", - "refsource" : "MISC", - "url" : "https://github.com/Ettercap/ettercap/issues/782" - }, - { - "name" : "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506", - "refsource" : "MISC", - "url" : "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506" - }, - { - "name" : "DSA-3874", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3874" - }, - { - "name" : 
"96582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96582" - }, - { - "name" : "1038057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170306 CVE-2017-6430: Out-of-Bounds Read (DOS) Vulnerability in Ettercap Etterfilter utility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/540223/100/0/threaded" + }, + { + "name": "96582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96582" + }, + { + "name": "DSA-3874", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3874" + }, + { + "name": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506", + "refsource": "MISC", + "url": "https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506" + }, + { + "name": "https://github.com/Ettercap/ettercap/issues/782", + "refsource": "MISC", + "url": "https://github.com/Ettercap/ettercap/issues/782" + }, + { + "name": "1038057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038057" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6972.json b/2017/6xxx/CVE-2017-6972.json index 19ef0638f0b..06dc33d73aa 100644 --- a/2017/6xxx/CVE-2017-6972.json +++ b/2017/6xxx/CVE-2017-6972.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42314", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42314/" - }, - { - "name" : "https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/" - }, - { - "name" : "https://www.alienvault.com/forums/discussion/8698", - "refsource" : "CONFIRM", - "url" : "https://www.alienvault.com/forums/discussion/8698" - }, - { - "name" : "97016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/nfsen/news/2017/01/nfsen-138-released---security-fix/" + }, + { + "name": "97016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97016" + }, + { + "name": "42314", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42314/" + }, + { + "name": "https://www.alienvault.com/forums/discussion/8698", + "refsource": "CONFIRM", + "url": "https://www.alienvault.com/forums/discussion/8698" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7190.json b/2017/7xxx/CVE-2017-7190.json index 651d2f25f48..c4c4a8cc46d 100644 --- a/2017/7xxx/CVE-2017-7190.json +++ b/2017/7xxx/CVE-2017-7190.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7190", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7190", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7203.json b/2017/7xxx/CVE-2017-7203.json index 4126dd350cc..cdd7b125ce5 100644 --- a/2017/7xxx/CVE-2017-7203.json +++ b/2017/7xxx/CVE-2017-7203.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the \"ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ZoneMinder/ZoneMinder/issues/1797", - "refsource" : "CONFIRM", - "url" : "https://github.com/ZoneMinder/ZoneMinder/issues/1797" - }, - { - "name" : "97001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. 
The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the \"ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ZoneMinder/ZoneMinder/issues/1797", + "refsource": "CONFIRM", + "url": "https://github.com/ZoneMinder/ZoneMinder/issues/1797" + }, + { + "name": "97001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97001" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7457.json b/2017/7xxx/CVE-2017-7457.json index a2ac55f643c..7c7a1dcddb1 100644 --- a/2017/7xxx/CVE-2017-7457.json +++ b/2017/7xxx/CVE-2017-7457.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML External Entity via \".AOP\" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41852", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41852/" - }, - { - "name" : "20170411 Moxa MX AOPC-Server v1.5 XML External Entity", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Apr/51" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML External Entity via \".AOP\" files used by Moxa MX-AOPC Server 1.5 result in remote file disclosure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt" + }, + { + "name": "20170411 Moxa MX AOPC-Server v1.5 XML External Entity", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/51" + }, + { + "name": "41852", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41852/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7588.json b/2017/7xxx/CVE-2017-7588.json index f2041180f9b..828819e71f6 100644 --- a/2017/7xxx/CVE-2017-7588.json +++ b/2017/7xxx/CVE-2017-7588.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41863", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41863/" - }, - { - "name" : "https://cxsecurity.com/blad/WLB-2017040064", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/blad/WLB-2017040064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L2740DW MFC-J5910DW MFC-J6920DW MFC-L2700DW MFC-9130CW MFC-9330CDW MFC-9340CDW MFC-J5620DW MFC-J6720DW MFC-L8600CDW MFC-L9550CDW MFC-L2720DW DCP-L2540DW DCP-L2520DW HL-3140CW HL-3170CDW HL-3180CDW HL-L8350CDW HL-L2380DW ADS-2500W ADS-1000W ADS-1500W." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41863", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41863/" + }, + { + "name": "https://cxsecurity.com/blad/WLB-2017040064", + "refsource": "MISC", + "url": "https://cxsecurity.com/blad/WLB-2017040064" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/7xxx/CVE-2017-7886.json b/2017/7xxx/CVE-2017-7886.json
index 2e113c031ba..57391c82816 100644
--- a/2017/7xxx/CVE-2017-7886.json
+++ b/2017/7xxx/CVE-2017-7886.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxmole.com/advisories/foxmole-2017-02-23.txt", - "refsource" : "MISC", - "url" : "https://www.foxmole.com/advisories/foxmole-2017-02-23.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxmole.com/advisories/foxmole-2017-02-23.txt", + "refsource": "MISC", + "url": "https://www.foxmole.com/advisories/foxmole-2017-02-23.txt" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/8xxx/CVE-2017-8220.json b/2017/8xxx/CVE-2017-8220.json
index 9f0ead09afe..559a2029ea6 100644
--- a/2017/8xxx/CVE-2017-8220.json
+++ b/2017/8xxx/CVE-2017-8220.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a \"host=\" line within HTTP POST data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html", - "refsource" : "MISC", - "url" : "https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a \"host=\" line within HTTP POST data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html", + "refsource": "MISC", + "url": "https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10362.json b/2018/10xxx/CVE-2018-10362.json index 1e04e07c40f..4357c886922 100644 --- a/2018/10xxx/CVE-2018-10362.json +++ b/2018/10xxx/CVE-2018-10362.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html", - "refsource" : "MISC", - "url" : "http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html" - }, - { - "name" : "https://github.com/phpLiteAdmin/pla/issues/11", - "refsource" : "MISC", - "url" : "https://github.com/phpLiteAdmin/pla/issues/11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html", + "refsource": "MISC", + "url": "http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html" + }, + { + "name": "https://github.com/phpLiteAdmin/pla/issues/11", + "refsource": "MISC", + "url": "https://github.com/phpLiteAdmin/pla/issues/11" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10782.json b/2018/10xxx/CVE-2018-10782.json index 41ae73f16da..96ca34f9b8e 100644 --- a/2018/10xxx/CVE-2018-10782.json +++ b/2018/10xxx/CVE-2018-10782.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10782", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10782", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10792.json b/2018/10xxx/CVE-2018-10792.json index 2bfd0dc2b02..a17908788c4 100644 --- a/2018/10xxx/CVE-2018-10792.json 
+++ b/2018/10xxx/CVE-2018-10792.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10792", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10792", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14647.json b/2018/14xxx/CVE-2018-14647.json index b82a1610d15..bc607c22acd 100644 --- a/2018/14xxx/CVE-2018-14647.json +++ b/2018/14xxx/CVE-2018-14647.json 
@@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-14647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Python", - "version" : { - "version_data" : [ - { - "version_value" : "3.8, 3.7, 3.6, 3.5, 3.4, 2.7" - } - ] - } - } - ] - }, - "vendor_name" : "The Python Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-665" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-14647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Python", + "version": { + "version_data": [ + { + "version_value": "3.8, 3.7, 3.6, 3.5, 3.4, 2.7" + } + ] + } + } + ] + }, + "vendor_name": "The Python Project" + } ] - }, - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-335" - } + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. 
This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7, 3.6, 3.5, 3.4, 2.7 are believed to be vulnerable." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.python.org/issue34623", - "refsource" : "MISC", - "url" : "https://bugs.python.org/issue34623" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647" - }, - { - "name" : "DSA-4306", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4306" - }, - { - "name" : "DSA-4307", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4307" - }, - { - "name" : "USN-3817-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3817-1/" - }, - { - "name" : "USN-3817-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3817-2/" - }, - { - "name" : "105396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105396" - }, - { - "name" : "1041740", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041740" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-665" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-335" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4306", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4306" + }, + { + "name": "USN-3817-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-2/" + }, + { + "name": "1041740", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1041740" + }, + { + "name": "105396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105396" + }, + { + "name": "DSA-4307", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4307" + }, + { + "name": "https://bugs.python.org/issue34623", + "refsource": "MISC", + "url": "https://bugs.python.org/issue34623" + }, + { + "name": "USN-3817-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3817-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14647" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14693.json b/2018/14xxx/CVE-2018-14693.json index 8cb90a7858a..9dcfa876af3 100644 --- a/2018/14xxx/CVE-2018-14693.json +++ b/2018/14xxx/CVE-2018-14693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
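Review bot: In 2018/14xxx/CVE-2018-14647.json the `impact.cvss` block kept on the new side is an array nested inside another array, and its `vectorString` is `5.3/CVSS:3.0/AV:N/AC:L/...`, with the base score glued in front of the vector. A CVSS 3.0 vector starts with `CVSS:3.0/`, so tooling that reads this field for triage or prioritisation will likely reject the value or lose the score. CVE-2018-17955.json in this same commit uses a single object with separate fields. The same shape here would be `"baseScore": 5.3` next to `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"`.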
diff --git a/2018/17xxx/CVE-2018-17062.json b/2018/17xxx/CVE-2018-17062.json
index cbc935c631b..be2be1f15d7 100644
--- a/2018/17xxx/CVE-2018-17062.json
+++ b/2018/17xxx/CVE-2018-17062.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html", - "refsource" : "MISC", - "url" : "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html", + "refsource": "MISC", + "url": "https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17249.json b/2018/17xxx/CVE-2018-17249.json index dab5c65d09f..8e0bb22acea 100644 --- a/2018/17xxx/CVE-2018-17249.json +++ b/2018/17xxx/CVE-2018-17249.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17249", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17249", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17281.json b/2018/17xxx/CVE-2018-17281.json index 96ba130fed1..26a1141c2a7 100644 --- a/2018/17xxx/CVE-2018-17281.json +++ b/2018/17xxx/CVE-2018-17281.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade", - "refsource" : "BUGTRAQ", - "url" : "https://seclists.org/bugtraq/2018/Sep/53" - }, - { - "name" : "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Sep/31" - }, - { - "name" : "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html" - }, - { - "name" : 
"http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2018-009.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2018-009.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-28013", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-28013" - }, - { - "name" : "DSA-4320", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4320" - }, - { - "name" : "GLSA-201811-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-11" - }, - { - "name" : "105389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105389" - }, - { - "name" : "1041694", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041694", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041694" + }, + { + "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Sep/31" + }, + { + "name": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html" + }, + { + "name": "DSA-4320", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4320" + }, + { + "name": "20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade", + "refsource": "BUGTRAQ", + "url": "https://seclists.org/bugtraq/2018/Sep/53" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-28013", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-28013" + }, + { + "name": "[debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00034.html" + }, + { + "name": "GLSA-201811-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-11" + }, + { + "name": "105389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105389" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2018-009.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2018-009.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17601.json b/2018/17xxx/CVE-2018-17601.json index 88c9e2c6828..30a66ea39ae 100644 --- a/2018/17xxx/CVE-2018-17601.json 
+++ b/2018/17xxx/CVE-2018-17601.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17601", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17601", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17682.json b/2018/17xxx/CVE-2018-17682.json index 5fd634c5d50..e97a73f457f 100644 --- a/2018/17xxx/CVE-2018-17682.json +++ b/2018/17xxx/CVE-2018-17682.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17682", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7157." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17682", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1151/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1151/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the delay property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7157." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1151/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1151/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17955.json b/2018/17xxx/CVE-2018-17955.json index 73f73d3a9c4..2e530a00ff6 100644 --- a/2018/17xxx/CVE-2018-17955.json +++ b/2018/17xxx/CVE-2018-17955.json 
@@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2019-01-07T00:00:00.000Z", - "ID" : "CVE-2018-17955", - "STATE" : "PUBLIC", - "TITLE" : "Static tempfile name allows overwriting of arbitrary files" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "yast2-multipath", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "4.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "SUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Johannes Segitz of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection" - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "LOCAL", - "availabilityImpact" : "NONE", - "baseScore" : 2.2, - "baseSeverity" : "LOW", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-377" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-01-07T00:00:00.000Z", + "ID": "CVE-2018-17955", + "STATE": "PUBLIC", + "TITLE": "Static tempfile name allows overwriting of arbitrary files" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "yast2-multipath", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "4.1.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } ] - } - ] - }, - "references" 
: { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1117592", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1117592" - } - ] - }, - "source" : { - "advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1117592", - "defect" : [ - "1117592" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.2, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-377" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1117592", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117592" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1117592", + "defect": [ + "1117592" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20167.json b/2018/20xxx/CVE-2018-20167.json index bd08bcef4b1..e573fedb35b 100644 --- a/2018/20xxx/CVE-2018-20167.json +++ b/2018/20xxx/CVE-2018-20167.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe \"cat README.md\" command when \\e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://phab.enlightenment.org/T7504", - "refsource" : "MISC", - "url" : "https://phab.enlightenment.org/T7504" - }, - { - "name" : "https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2", - "refsource" : "MISC", - "url" : "https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2" - }, - { - "name" : "https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1", - "refsource" : "MISC", - "url" : "https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe \"cat README.md\" command when \\e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. 
An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1", + "refsource": "MISC", + "url": "https://www.enlightenment.org/news/2018-12-16-terminology-1.3.1" + }, + { + "name": "https://phab.enlightenment.org/T7504", + "refsource": "MISC", + "url": "https://phab.enlightenment.org/T7504" + }, + { + "name": "https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2", + "refsource": "MISC", + "url": "https://phab.enlightenment.org/rTRM1ac204da9148e7bccb1b5f34b523e2094dfc39e2" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20175.json b/2018/20xxx/CVE-2018-20175.json index ae891de52cd..7c6029b1562 100644 --- a/2018/20xxx/CVE-2018-20175.json +++ b/2018/20xxx/CVE-2018-20175.json 
@@ -1,67 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", - "refsource" : "MISC", - "url" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" - }, - { - "name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", - "refsource" : "CONFIRM", - "url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file 
mcs.c and result in a Denial of Service (segfault)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "106938", + "url": "http://www.securityfocus.com/bid/106938" + }, + { + "name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", + "refsource": "MISC", + "url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-06", + "url": "https://security.gentoo.org/glsa/201903-06" + }, + { + "name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", + "refsource": "CONFIRM", + "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4394", + "url": "https://www.debian.org/security/2019/dsa-4394" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20382.json b/2018/20xxx/CVE-2018-20382.json index d99346592e5..a2e3a6e9efb 100644 --- a/2018/20xxx/CVE-2018-20382.json +++ b/2018/20xxx/CVE-2018-20382.json 
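Review bot: `problemtype` in 2018/20xxx/CVE-2018-20175.json is still `n/a` on the new side, although the description names the weakness (integer signedness errors leading to out-of-bounds reads in mcs.c). This update already adds four references to the record, so it would be a good moment to record the weakness for consumers that filter or route by CWE. The out-of-bounds read is directly supported by the description, e.g. `"value": "CWE-125"`. The matching signedness CWE should be confirmed against the referenced fix commit before it is added as a second entry, in the way CVE-2018-14647.json lists two CWE descriptions. The four added references also put `refsource` before `name`, unlike the existing entries, which is harmless to parsers but makes later diffs noisier.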
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" - }, - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jiuzhou BCM93383WRG 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via 
iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", + "refsource": "MISC", + "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" + }, + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20699.json b/2018/20xxx/CVE-2018-20699.json index 56ddc9abacc..dacf7cf3d7d 100644 --- a/2018/20xxx/CVE-2018-20699.json +++ b/2018/20xxx/CVE-2018-20699.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/docker/engine/pull/70", - "refsource" : "MISC", - "url" : "https://github.com/docker/engine/pull/70" - }, - { - "name" : "https://github.com/moby/moby/pull/37967", - "refsource" : "MISC", - "url" : "https://github.com/moby/moby/pull/37967" - }, - { - "name" : "RHSA-2019:0487", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large 
integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/docker/engine/pull/70", + "refsource": "MISC", + "url": "https://github.com/docker/engine/pull/70" + }, + { + "name": "https://github.com/moby/moby/pull/37967", + "refsource": "MISC", + "url": "https://github.com/moby/moby/pull/37967" + }, + { + "name": "RHSA-2019:0487", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0487" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9352.json b/2018/9xxx/CVE-2018-9352.json index d4a3404a2f8..62a96406812 100644 --- a/2018/9xxx/CVE-2018-9352.json +++ b/2018/9xxx/CVE-2018-9352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/9xxx/CVE-2018-9867.json b/2018/9xxx/CVE-2018-9867.json index 6388cc3748d..9b92ec5e0f0 100644 --- a/2018/9xxx/CVE-2018-9867.json +++ b/2018/9xxx/CVE-2018-9867.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@sonicwall.com", - "ID" : "CVE-2018-9867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SonicOS", - "version" : { - "version_data" : [ - { - "version_value" : "5.9.1.10 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "SonicWall" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285: Improper Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2018-9867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SonicOS", + "version": { + "version_data": [ + { + "version_value": "5.9.1.10 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2019-08", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2019-08" - }, - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SonicWall SonicOS, 
administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0017" + }, + { + "name": "https://www.tenable.com/security/research/tra-2019-08", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2019-08" + } + ] + } +} \ No newline at end of file
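Review bot: The `ASSIGNER` value changes case on the new side, from `psirt@sonicwall.com` to `PSIRT@sonicwall.com`, and apart from whitespace and the reordered references it is the only content change in this hunk. Consumers that group, filter or allow-list records by an exact match on the assigner string would treat the two spellings as different assigners. Either keep the lower-case form, `"ASSIGNER": "psirt@sonicwall.com"`, or make sure downstream comparisons on this field are case-insensitive; which spelling other SonicWall records use is not visible here.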