From 5fc761fbdf79a1c90fc1b435ddd14d7531d52b22 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:10:09 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0005.json | 180 +++++++++++++-------------
2002/0xxx/CVE-2002-0030.json | 150 ++++++++++-----------
2002/0xxx/CVE-2002-0203.json | 130 +++++++++----------
2002/0xxx/CVE-2002-0504.json | 140 ++++++++++----------
2002/0xxx/CVE-2002-0815.json | 130 +++++++++----------
2002/1xxx/CVE-2002-1256.json | 150 ++++++++++-----------
2002/1xxx/CVE-2002-1513.json | 160 +++++++++++------------
2002/1xxx/CVE-2002-1545.json | 120 ++++++++---------
2002/1xxx/CVE-2002-1625.json | 150 ++++++++++-----------
2002/1xxx/CVE-2002-1843.json | 160 +++++++++++------------
2002/1xxx/CVE-2002-1874.json | 150 ++++++++++-----------
2002/2xxx/CVE-2002-2385.json | 140 ++++++++++----------
2003/0xxx/CVE-2003-0128.json | 200 ++++++++++++++--------------
2009/1xxx/CVE-2009-1517.json | 160 +++++++++++------------
2009/1xxx/CVE-2009-1542.json | 170 ++++++++++++------------
2009/5xxx/CVE-2009-5059.json | 120 ++++++++---------
2012/0xxx/CVE-2012-0583.json | 190 +++++++++++++--------------
2012/3xxx/CVE-2012-3104.json | 34 ++---
2012/3xxx/CVE-2012-3239.json | 34 ++---
2012/3xxx/CVE-2012-3520.json | 230 ++++++++++++++++-----------------
2012/3xxx/CVE-2012-3784.json | 34 ++---
2012/3xxx/CVE-2012-3975.json | 200 ++++++++++++++--------------
2012/4xxx/CVE-2012-4035.json | 180 +++++++++++++-------------
2012/4xxx/CVE-2012-4868.json | 130 +++++++++----------
2012/4xxx/CVE-2012-4942.json | 130 +++++++++----------
2012/4xxx/CVE-2012-4959.json | 130 +++++++++----------
2012/6xxx/CVE-2012-6676.json | 34 ++---
2017/2xxx/CVE-2017-2642.json | 130 +++++++++----------
2017/2xxx/CVE-2017-2675.json | 130 +++++++++----------
2017/2xxx/CVE-2017-2732.json | 122 ++++++++---------
2017/2xxx/CVE-2017-2825.json | 142 ++++++++++----------
2017/6xxx/CVE-2017-6347.json | 170 ++++++++++++------------
2017/6xxx/CVE-2017-6470.json | 160 +++++++++++------------
2017/7xxx/CVE-2017-7398.json | 130 +++++++++----------
2017/7xxx/CVE-2017-7643.json | 140 ++++++++++----------
2017/7xxx/CVE-2017-7916.json | 140 ++++++++++----------
2018/11xxx/CVE-2018-11681.json | 130 +++++++++----------
2018/11xxx/CVE-2018-11720.json | 120 ++++++++---------
2018/14xxx/CVE-2018-14249.json | 130 +++++++++----------
2018/14xxx/CVE-2018-14607.json | 120 ++++++++---------
2018/15xxx/CVE-2018-15194.json | 34 ++---
2018/15xxx/CVE-2018-15371.json | 154 +++++++++++-----------
2018/15xxx/CVE-2018-15390.json | 164 +++++++++++------------
2018/15xxx/CVE-2018-15834.json | 130 +++++++++----------
2018/15xxx/CVE-2018-15969.json | 130 +++++++++----------
2018/20xxx/CVE-2018-20217.json | 150 ++++++++++-----------
2018/20xxx/CVE-2018-20307.json | 120 ++++++++---------
2018/20xxx/CVE-2018-20607.json | 120 ++++++++---------
2018/20xxx/CVE-2018-20800.json | 120 ++++++++---------
2018/9xxx/CVE-2018-9388.json | 34 ++---
2018/9xxx/CVE-2018-9526.json | 130 +++++++++----------
2018/9xxx/CVE-2018-9904.json | 34 ++---
52 files changed, 3410 insertions(+), 3410 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0005.json b/2002/0xxx/CVE-2002-0005.json
index eb0c6ee3f12..74257a04036 100644
--- a/2002/0xxx/CVE-2002-0005.json
+++ b/2002/0xxx/CVE-2002-0005.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020102 w00w00 on AOL Instant Messenger (serious vulnerability)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=100998295512885&w=2" - }, - { - "name" : "20020102 AIM addendum", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/247944" - }, - { - "name" : "20020102 w00w00 on AOL Instant Messenger (serious vulnerability)", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72" - }, - { - "name" : "20020102 AIM addendum", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198" - }, - { - "name" : "VU#907819", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/907819" - }, - { - "name" : "3769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3769" - }, - { - "name" : "aim-game-overflow(7743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aim-game-overflow(7743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7743" + }, + { + "name": "VU#907819", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/907819" + }, + { + "name": "20020102 w00w00 on AOL Instant Messenger (serious vulnerability)", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72" + }, + { + "name": "20020102 AIM addendum", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198" + }, + { + "name": "3769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3769" + }, + { + "name": "20020102 w00w00 on AOL Instant Messenger (serious vulnerability)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=100998295512885&w=2" + }, + { + "name": "20020102 AIM addendum", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/247944" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0030.json b/2002/0xxx/CVE-2002-0030.json index dd191f51744..b2e1409e553 100644 
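Review bot: The `reference_data` array in this hunk comes back in a different order (the first entry moves from `"refsource" : "BUGTRAQ"` to `"refsource": "XF"`) although the seven entries themselves look unchanged, and the new file ends with `\ No newline at end of file`. Combined with the `"key" : ` to `"key": ` spacing change, every line of the record is marked as modified, so someone auditing this vulnerability feed cannot tell from the diff whether any URL or description text was actually altered. The serializer should emit references in a stable order (the previous order, or sorted by `refsource` then `name`) and keep the trailing newline, so that sync commits show only real content changes. The same reordering appears in the CVE-2002-0030, CVE-2002-0504, CVE-2002-0815, CVE-2002-1256, CVE-2002-1513, CVE-2002-1625 and CVE-2002-1843 hunks.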
--- a/2002/0xxx/CVE-2002-0030.json +++ b/2002/0xxx/CVE-2002-0030.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html" - }, - { - "name" : "20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html" - }, - { - "name" : "VU#549913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/549913" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ", - "refsource" : "CONFIRM", - "url" : 
"http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#549913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/549913" + }, + { + "name": "20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004230.html" + }, + { + "name": "http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JSHA-5EZQGZ" + }, + { + "name": "20030324 Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0148.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0203.json b/2002/0xxx/CVE-2002-0203.json index 779dd638296..6569dd2e7a5 100644 --- a/2002/0xxx/CVE-2002-0203.json +++ b/2002/0xxx/CVE-2002-0203.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020124 ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101190195430376&w=2" - }, - { - "name" : "http://www.tarantella.com/security/bulletin-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.tarantella.com/security/bulletin-03.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020124 ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101190195430376&w=2" + }, + { + "name": "http://www.tarantella.com/security/bulletin-03.html", + "refsource": "CONFIRM", + "url": "http://www.tarantella.com/security/bulletin-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0504.json b/2002/0xxx/CVE-2002-0504.json index 1492f8ab6d0..524b9de7539 100644 --- a/2002/0xxx/CVE-2002-0504.json +++ b/2002/0xxx/CVE-2002-0504.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020327 NFuse Cross Site Scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html" - }, - { - "name" : "4372", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4372" - }, - { - "name" : "nfuse-launch-css(8659)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8659.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the 
getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nfuse-launch-css(8659)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8659.php" + }, + { + "name": "20020327 NFuse Cross Site Scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0334.html" + }, + { + "name": "4372", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4372" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0815.json b/2002/0xxx/CVE-2002-0815.json index 02181aee379..ff08522ea89 100644 --- a/2002/0xxx/CVE-2002-0815.json +++ b/2002/0xxx/CVE-2002-0815.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102796732924658&w=2" - }, - { - "name" : "20020729 RE: XWT Foundation Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102798282208686&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Javascript \"Same Origin Policy\" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020729 RE: XWT Foundation Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102798282208686&w=2" + }, + { + "name": "20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102796732924658&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1256.json b/2002/1xxx/CVE-2002-1256.json index 92872311c71..f2d27d73ec3 100644 --- a/2002/1xxx/CVE-2002-1256.json +++ b/2002/1xxx/CVE-2002-1256.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-070", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070" - }, - { - "name" : "win-smb-policy-modification(10843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10843" - }, - { - "name" : "6367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6367" - }, - { - "name" : "oval:org.mitre.oval:def:277", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277" - } - ] - } -} + } 
+ }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-070", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070" + }, + { + "name": "oval:org.mitre.oval:def:277", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277" + }, + { + "name": "6367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6367" + }, + { + "name": "win-smb-policy-modification(10843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10843" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1513.json b/2002/1xxx/CVE-2002-1513.json index 1b08271b786..26aa87eab1c 100644 --- a/2002/1xxx/CVE-2002-1513.json +++ b/2002/1xxx/CVE-2002-1513.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020927 OpenVMS POP server local vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/293070" - }, - { - "name" : "20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html" - }, - { - "name" : "SSRT2371", - "refsource" : "COMPAQ", - "url" : "http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html" - }, - { - "name" : "5790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5790" - }, - { - "name" : "openvms-pop-gain-privileges(10236)", - "refsource" : 
"XF", - "url" : "http://www.iss.net/security_center/static/10236.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5790" + }, + { + "name": "openvms-pop-gain-privileges(10236)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10236.php" + }, + { + "name": "20020927 OpenVMS POP server local vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/293070" + }, + { + "name": "20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html" + }, + { + "name": "SSRT2371", + "refsource": "COMPAQ", + "url": "http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1545.json b/2002/1xxx/CVE-2002-1545.json index fef81ef0576..c1daeb6b3ce 100644 --- a/2002/1xxx/CVE-2002-1545.json +++ b/2002/1xxx/CVE-2002-1545.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021010 more silly bugs in cooolsoft 'personal ftp server'", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021010 more silly bugs in cooolsoft 'personal ftp server'", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1625.json b/2002/1xxx/CVE-2002-1625.json index e196c5076e6..d37f37551ee 100644 --- a/2002/1xxx/CVE-2002-1625.json +++ b/2002/1xxx/CVE-2002-1625.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=22796&Method=Full&Title=Macromedia%20Flash%20Player%206%20Streaming%20Issue&Cache=False", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=22796&Method=Full&Title=Macromedia%20Flash%20Player%206%20Streaming%20Issue&Cache=False" - }, - { - "name" : "VU#128491", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/128491" - }, - { - "name" : "4567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4567" - }, - { - "name" : "flash-activex-plugin-dos(8925)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/8925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Macromedia Flash Player 6 does not terminate connections when the user leaves the web page, which allows remote attackers to cause a denial of service (bandwidth, resource, and CPU consumption) via the (1) loadMovie or (2) loadSound commands, which continue to execute until the browser is closed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4567" + }, + { + "name": "flash-activex-plugin-dos(8925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8925" + }, + { + "name": "VU#128491", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/128491" + }, + { + "name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22796&Method=Full&Title=Macromedia%20Flash%20Player%206%20Streaming%20Issue&Cache=False", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=22796&Method=Full&Title=Macromedia%20Flash%20Player%206%20Streaming%20Issue&Cache=False" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1843.json b/2002/1xxx/CVE-2002-1843.json index 5fae07df453..f68f8faf0b5 100644 --- a/2002/1xxx/CVE-2002-1843.json +++ b/2002/1xxx/CVE-2002-1843.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021018 SCAN Associates Advisory: perlbot 1.9.2 - Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/296134" - }, - { - "name" : "6008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6008" - }, - { - "name" : "6009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6009" - }, - { - "name" : "perlbot-filename-command-execution(10404)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10404.php" - }, - { - "name" : "perlbot-text-command-execution(10403)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10403.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "perlbot-filename-command-execution(10404)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10404.php" + }, + { + "name": "6009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6009" + }, + { + "name": "6008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6008" + }, + { + "name": "perlbot-text-command-execution(10403)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10403.php" + }, + { + "name": "20021018 SCAN Associates Advisory: perlbot 1.9.2 - Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/296134" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1874.json b/2002/1xxx/CVE-2002-1874.json index e4c8f083554..ac312d28e9f 100644 --- a/2002/1xxx/CVE-2002-1874.json +++ b/2002/1xxx/CVE-2002-1874.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup", - "refsource" : "CONFIRM", - "url" : "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup" - }, - { - "name" : "6105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6105" - }, - { - "name" : "1005523", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005523" - }, - { - "name" : "astrocam-cgi-command-execution(10538)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10538.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request. NOTE: earlier disclosures stated that the affected versions were 1.7.1 through 2.1.2, but the vendor explicitly stated that these were incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup", + "refsource": "CONFIRM", + "url": "http://astrocam.svn.sourceforge.net/viewvc/astrocam/BUGS?view=markup" + }, + { + "name": "1005523", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005523" + }, + { + "name": "astrocam-cgi-command-execution(10538)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10538.php" + }, + { + "name": "6105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6105" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2385.json b/2002/2xxx/CVE-2002-2385.json index 5cf119a2c04..9e999feebe3 100644 --- a/2002/2xxx/CVE-2002-2385.json +++ b/2002/2xxx/CVE-2002-2385.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021110 Multiple Vuln. 
in Hotfoon.com", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0115.html" - }, - { - "name" : "6156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6156" - }, - { - "name" : "hotfoon-phone-number-bo(10593)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10593.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6156" + }, + { + "name": "hotfoon-phone-number-bo(10593)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10593.php" + }, + { + "name": "20021110 Multiple Vuln. in Hotfoon.com", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0115.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0128.json b/2003/0xxx/CVE-2003-0128.json index c3f901a8cd4..522a79c90ed 100644 --- a/2003/0xxx/CVE-2003-0128.json +++ b/2003/0xxx/CVE-2003-0128.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10" - }, - { - "name" : "GLSA-200303-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml" - }, - { - "name" : "RHSA-2003:108", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2003-108.html" - }, - { - "name" : "MDKSA-2003:045", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045" - }, - { - "name" : "CLA-2003:648", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648" - }, - { - "name" : "20030321 GLSA: evolution (200303-18)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104826470527308&w=2" - }, - { - "name" : "7117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7117" - }, - { - "name" : "oval:org.mitre.oval:def:107", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200303-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml" + }, + { + "name": "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10" + }, + { + "name": "MDKSA-2003:045", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045" + }, + { + "name": "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html" + }, + { + "name": "20030321 GLSA: evolution (200303-18)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104826470527308&w=2" + }, + { + "name": "7117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7117" + }, + { + "name": "CLA-2003:648", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648" + }, + { + "name": "RHSA-2003:108", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-108.html" + }, + { + "name": "oval:org.mitre.oval:def:107", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1517.json b/2009/1xxx/CVE-2009-1517.json index 15eda850b1f..ef92e7375f0 100644 --- a/2009/1xxx/CVE-2009-1517.json +++ b/2009/1xxx/CVE-2009-1517.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8523", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8523" - }, - { - "name" : "http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html", - "refsource" : "MISC", - "url" : "http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html" - }, - { - "name" : "34696", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34696" - }, - { - "name" : "1022120", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1022120" - }, - { - "name" : "nortonghost-easysetupint-dos(50098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ActiveX control in EasySetupInt.dll 14.0.4.30167 in the EasySetup wizard in Symantec Norton Ghost 14.0 allow remote attackers to cause a denial of service (browser crash) and possibly execute arbitrary code via unspecified input to the (1) GetBackupLocationPath, (2) CallUninstall, (3) SetupDeleteVolume, (4) CanUseEasySetup, (5) CallAddInitialProtection, and (6) CallTour methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1022120", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022120" + }, + { + "name": "http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html", + "refsource": "MISC", + "url": "http://www.shinnai.net/xplits/TXT_Gl6RHStS23c9DANArcJE.html" + }, + { + "name": "8523", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8523" + }, + { + "name": "nortonghost-easysetupint-dos(50098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50098" + }, + { + "name": "34696", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34696" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1542.json b/2009/1xxx/CVE-2009-1542.json index e2b61fbb18c..edcc5e87d87 100644 --- a/2009/1xxx/CVE-2009-1542.json +++ b/2009/1xxx/CVE-2009-1542.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-033", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033" - }, - { - "name" : "TA09-195A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" - }, - { - "name" : "oval:org.mitre.oval:def:6166", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166" - }, - { - "name" : "1022544", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id?1022544" - }, - { - "name" : "35808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35808" - }, - { - "name" : "ADV-2009-1890", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka \"Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-1890", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1890" + }, + { + "name": "35808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35808" + }, + { + "name": "MS09-033", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-033" + }, + { + "name": "1022544", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022544" + }, + { + "name": "TA09-195A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html" + }, + { + "name": "oval:org.mitre.oval:def:6166", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6166" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5059.json b/2009/5xxx/CVE-2009-5059.json index aec847778fb..6c639790d47 100644 
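Review bot: The CVE-2009-1542 hunk changes record content, not just layout: `"ASSIGNER" : "cve@mitre.org",` becomes `"ASSIGNER": "secure@microsoft.com",`, while the rest of the hunk only alters indentation, colon spacing and the order of `reference_data` entries. The CVE-2012-0583 hunk (`secalert_us@oracle.com`) and the visible part of the CVE-2012-3520 hunk (`secalert@redhat.com`) make the same kind of change, and the commit subject mentions none of them. Anyone auditing provenance in these records has to compare field by field to separate the assigner changes from the formatting churn. Landing the `ASSIGNER` updates in their own commit, or listing the affected IDs in the message, would make them reviewable. The diff alone cannot confirm the new values are correct, though the description in this record does concern Microsoft products.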
--- a/2009/5xxx/CVE-2009-5059.json +++ b/2009/5xxx/CVE-2009-5059.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27013341", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27013341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0583.json b/2012/0xxx/CVE-2012-0583.json index a7506d70965..eefe953ede6 100644 --- a/2012/0xxx/CVE-2012-0583.json +++ b/2012/0xxx/CVE-2012-0583.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53061" - }, - { - "name" : "1026934", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026934" - }, - { - "name" : "49179", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/49179" - }, - { - "name" : "48890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48890" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53061" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "1026934", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026934" + }, + { + "name": "48890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48890" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "49179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49179" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3104.json b/2012/3xxx/CVE-2012-3104.json index 8ef0c7addb5..c7d2afd2e73 100644 --- a/2012/3xxx/CVE-2012-3104.json 
+++ b/2012/3xxx/CVE-2012-3104.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3104", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-3104", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3239.json b/2012/3xxx/CVE-2012-3239.json index aec242b31e9..ba1d9e99b63 100644 --- a/2012/3xxx/CVE-2012-3239.json +++ b/2012/3xxx/CVE-2012-3239.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3520.json b/2012/3xxx/CVE-2012-3520.json index 8ff783103f0..2b77121d5a1 100644 --- a/2012/3xxx/CVE-2012-3520.json +++ b/2012/3xxx/CVE-2012-3520.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/22/1" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=850449", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=850449" - }, - { - "name" : "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" - }, - { - "name" : "openSUSE-SU-2012:1330", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html" - }, - { - "name" : "openSUSE-SU-2013:0261", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html" - }, - { - "name" : "USN-1610-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1610-1" - }, - { - "name" : "USN-1599-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1599-1" - }, - { - "name" : "55152", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55152" - }, - { - "name" : "50848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120822 CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/22/1" + }, + { + "name": "55152", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55152" + }, + { + "name": "openSUSE-SU-2012:1330", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00005.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e0e3cea46d31d23dc40df0a49a7a2c04fe8edfea" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" + }, + { + "name": "USN-1599-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1599-1" + }, + { + "name": "USN-1610-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1610-1" + }, + { + "name": "openSUSE-SU-2013:0261", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00018.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30" + }, + { + "name": "50848", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/50848" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=850449", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=850449" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3784.json b/2012/3xxx/CVE-2012-3784.json index 9e923b93671..0ab8d2cffd2 100644 --- a/2012/3xxx/CVE-2012-3784.json +++ b/2012/3xxx/CVE-2012-3784.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3784", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3784", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3975.json b/2012/3xxx/CVE-2012-3975.json index d307711bc20..5f4d122fd00 100644 --- a/2012/3xxx/CVE-2012-3975.json +++ b/2012/3xxx/CVE-2012-3975.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-68.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-68.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=770684", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=770684" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "55311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55311" - }, - { - "name" : "oval:org.mitre.oval:def:16855", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-68.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-68.html" + }, + { + "name": "55311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55311" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=770684", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=770684" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "oval:org.mitre.oval:def:16855", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16855" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4035.json b/2012/4xxx/CVE-2012-4035.json index 8fc06e0db4f..bbb2a6eee81 100644 --- a/2012/4xxx/CVE-2012-4035.json +++ b/2012/4xxx/CVE-2012-4035.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pbboard.com/forums/t10352.html", - "refsource" : "MISC", - "url" : "http://www.pbboard.com/forums/t10352.html" - }, - { - "name" : "http://www.pbboard.com/forums/t10353.html", - "refsource" : "MISC", - "url" : "http://www.pbboard.com/forums/t10353.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23101", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23101" - }, - { - "name" : "54916", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54916" - }, - { - "name" : "84481", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84481" - }, - { - "name" : "50153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50153" - }, - { - "name" : 
"pbboard-index-security-bypass(77506)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB23101", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23101" + }, + { + "name": "http://www.pbboard.com/forums/t10353.html", + "refsource": "MISC", + "url": "http://www.pbboard.com/forums/t10353.html" + }, + { + "name": "84481", + "refsource": "OSVDB", + "url": "http://osvdb.org/84481" + }, + { + "name": "54916", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54916" + }, + { + "name": "http://www.pbboard.com/forums/t10352.html", + "refsource": "MISC", + "url": "http://www.pbboard.com/forums/t10352.html" + }, + { + "name": "pbboard-index-security-bypass(77506)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77506" + }, + { + "name": "50153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50153" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4868.json b/2012/4xxx/CVE-2012-4868.json index c73f6e005e7..ff888bbd4bc 100644 --- a/2012/4xxx/CVE-2012-4868.json +++ b/2012/4xxx/CVE-2012-4868.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://exploitsdownload.com/exploit/na/kunena-20-sql-injection", - "refsource" : "MISC", - "url" : "http://exploitsdownload.com/exploit/na/kunena-20-sql-injection" - }, - { - "name" : "52636", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://exploitsdownload.com/exploit/na/kunena-20-sql-injection", + "refsource": "MISC", + "url": "http://exploitsdownload.com/exploit/na/kunena-20-sql-injection" + }, + { + "name": "52636", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52636" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4942.json b/2012/4xxx/CVE-2012-4942.json index f8d12ad0e89..18ef175c9f1 100644 --- a/2012/4xxx/CVE-2012-4942.json +++ b/2012/4xxx/CVE-2012-4942.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#427547", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/427547" - }, - { - "name" : "56427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#427547", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/427547" + }, + { + "name": "56427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56427" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4959.json b/2012/4xxx/CVE-2012-4959.json index e519396383c..a12d9ee43c8 100644 --- a/2012/4xxx/CVE-2012-4959.json +++ b/2012/4xxx/CVE-2012-4959.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959" - }, - { - "name" : "VU#273371", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/273371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a 
.. (dot dot) in a FILE element of an FSFUI record." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#273371", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/273371" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6676.json b/2012/6xxx/CVE-2012-6676.json index d20b28be96c..0edd531a4cc 100644 --- a/2012/6xxx/CVE-2012-6676.json +++ b/2012/6xxx/CVE-2012-6676.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6676", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6676", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2642.json b/2017/2xxx/CVE-2017-2642.json index d0ed666f401..ac7a27d3f6f 100644 
--- a/2017/2xxx/CVE-2017-2642.json +++ b/2017/2xxx/CVE-2017-2642.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 3.x has user fullname disclosure on the user preferences page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=355554", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=355554" - }, - { - "name" : "99606", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 3.x has user fullname disclosure on the user preferences page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99606", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99606" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=355554", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=355554" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2675.json b/2017/2xxx/CVE-2017-2675.json index 993f6ca396d..94358842db6 100644 --- a/2017/2xxx/CVE-2017-2675.json +++ b/2017/2xxx/CVE-2017-2675.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "office@obdev.at",
- "ID" : "CVE-2017-2675",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Little Snitch",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.0 - 3.7.3"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Objective Development Software GmbH"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "unspecified"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-2675",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Little Snitch",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.0 - 3.7.3"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Objective Development Software GmbH"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://twitter.com/patrickwardle/status/849076615170711552",
- "refsource" : "MISC",
- "url" : "https://twitter.com/patrickwardle/status/849076615170711552"
- },
- {
- "name" : "https://www.obdev.at/products/littlesnitch/releasenotes.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.obdev.at/products/littlesnitch/releasenotes.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. The vulnerability is related to the installation of the configuration file \"at.obdev.littlesnitchd.plist\" which gets installed to /Library/LaunchDaemons."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "unspecified"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.obdev.at/products/littlesnitch/releasenotes.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.obdev.at/products/littlesnitch/releasenotes.html"
+ },
+ {
+ "name": "https://twitter.com/patrickwardle/status/849076615170711552",
+ "refsource": "MISC",
+ "url": "https://twitter.com/patrickwardle/status/849076615170711552"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/2xxx/CVE-2017-2732.json b/2017/2xxx/CVE-2017-2732.json
index 21414803e2d..c6fd9fb6d38 100644
--- a/2017/2xxx/CVE-2017-2732.json
+++ b/2017/2xxx/CVE-2017-2732.json
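Review bot: The new `"ASSIGNER": "cve@mitre.org"` in CVE-2017-2675.json replaces `office@obdev.at` while `vendor_name` is still Objective Development Software GmbH, so the record no longer points at the party that apparently assigned it. The other ASSIGNER changes visible in this commit go the opposite way, from the generic MITRE address to a specific assigner (CVE-2012-3520 to `secalert@redhat.com`, CVE-2012-4942 and CVE-2012-4959 to `cert@cert.org`), which suggests this one may be a sync regression rather than an intended correction. Tooling that filters or attributes records by ASSIGNER would then misattribute this entry. I would confirm the value against the authoritative assignment before merging and keep `"ASSIGNER": "office@obdev.at"` if that assignment stands.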
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HUAWEI HiLink APP (for IOS)", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier before 5.0.25.306" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HUAWEI HiLink APP (for IOS)", + "version": { + "version_data": [ + { + "version_value": "Versions earlier before 5.0.25.306" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei Hilink APP Versions earlier before 5.0.25.306 has an information leak vulnerability. An attacker may trick a user into installing a malicious application and application can access Hilink APP data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-hilinkapp-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2825.json b/2017/2xxx/CVE-2017-2825.json index 0a3a1a6d2b4..3fe0cd136fe 100644 --- a/2017/2xxx/CVE-2017-2825.json +++ b/2017/2xxx/CVE-2017-2825.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-20T00:00:00", - "ID" : "CVE-2017-2825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zabbix", - "version" : { - "version_data" : [ - { - "version_value" : "Zabbix Server 2.4.8.r1" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-20T00:00:00", + "ID": "CVE-2017-2825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zabbix", + "version": { + "version_data": [ + { + "version_value": "Zabbix Server 2.4.8.r1" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326" - }, - { - "name" : "DSA-3937", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3937" - }, - { - "name" : "98094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326" + }, + { + "name": "98094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98094" + }, + { + "name": "DSA-3937", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3937" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6347.json b/2017/6xxx/CVE-2017-6347.json index 1831f3c2279..ddd84159f59 100644 --- a/2017/6xxx/CVE-2017-6347.json +++ b/2017/6xxx/CVE-2017-6347.json 
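Review bot: `"vendor_name": "Talos"` on the new side names the assigner (`talos-cna@cisco.com`) rather than the maker of the affected product, which the same record gives as `"product_name": "Zabbix"`. Consumers that map advisories to an asset inventory by vendor and product will not associate this record with Zabbix installations. I would set `"vendor_name": "Zabbix"`. The `problemtype` value `remote code execution` also reads broader than the description, which speaks only of database writes, so the assigner may want to confirm it.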
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170228 Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/28/5" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1", - 
"refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1427984", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1427984" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32" - }, - { - "name" : "96487", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1427984", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1427984" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32" + }, + { + "name": "[oss-security] 20170228 Linux: ip: fix IP_CHECKSUM handling (CVE-2017-6347)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/28/5" + }, + { + "name": "https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32" + }, + { + "name": "96487", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96487" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6470.json b/2017/6xxx/CVE-2017-6470.json index ae7bb69257b..59f0c167556 100644 --- a/2017/6xxx/CVE-2017-6470.json +++ b/2017/6xxx/CVE-2017-6470.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-10.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-10.html" - }, - { - "name" : "DSA-3811", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2017/dsa-3811" - }, - { - "name" : "96563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-10.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-10.html" + }, + { + "name": "96563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96563" + }, + { + "name": "DSA-3811", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3811" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7398.json b/2017/7xxx/CVE-2017-7398.json index adf28bfbff7..5ece9bbba0e 100644 --- a/2017/7xxx/CVE-2017-7398.json +++ b/2017/7xxx/CVE-2017-7398.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41821", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41821/" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Apr/4", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Apr/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. 
This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41821", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41821/" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Apr/4", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/4" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7643.json b/2017/7xxx/CVE-2017-7643.json index 3280f0c71f5..a217f774295 100644 --- a/2017/7xxx/CVE-2017-7643.json +++ b/2017/7xxx/CVE-2017-7643.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41854", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41854/" - }, - { - "name" : "20170411 CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Apr/54" - }, - { - "name" : "https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html", - "refsource" : "MISC", - "url" : "https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html", + "refsource": "MISC", + "url": "https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html" + }, + { + "name": "20170411 CVE-2017-7643 Local root privesc in Proxifier for Mac <= 2.18", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/54" + }, + { + "name": "41854", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41854/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7916.json b/2017/7xxx/CVE-2017-7916.json index 4440aa78910..f34e9c2b99b 100644 --- a/2017/7xxx/CVE-2017-7916.json +++ b/2017/7xxx/CVE-2017-7916.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ABB VSN300 WiFi Logger Card", - "version" : { - "version_data" : [ - { - "version_value" : "ABB VSN300 WiFi Logger Card" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ABB VSN300 WiFi Logger Card", + "version": { + "version_data": [ + { + "version_value": "ABB VSN300 WiFi Logger Card" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch", - "refsource" : "MISC", - "url" : "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03" - }, 
- { - "name" : "99558", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99558", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99558" + }, + { + "name": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "MISC", + "url": "http://search.abb.com/library/Download.aspx?DocumentID=9AKK107045A1977&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11681.json b/2018/11xxx/CVE-2018-11681.json index 58d1965e681..038fc4886e0 100644 --- a/2018/11xxx/CVE-2018-11681.json +++ b/2018/11xxx/CVE-2018-11681.json 
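Review bot: The `affects` block carries no usable vendor or version: `"version_value": "ABB VSN300 WiFi Logger Card"` repeats the product name and `"vendor_name"` is `"n/a"`, although the description names ABB and states the affected ranges. Version-based matching against this record cannot work as written, so a scanner that relies on the structured fields would not flag an affected device. I would set `"vendor_name": "ABB"` and take the ranges from the description, e.g. `"version_value": "1.8.15 and prior"` for the WiFi Logger Card and `"version_value": "2.1.3 and prior"` for the React variant.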
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sadfud.me/explotos/CVE-2018-11629", - "refsource" : "MISC", - "url" : "http://sadfud.me/explotos/CVE-2018-11629" - }, - { - "name" : "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/", - "refsource" : "MISC", - "url" : "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Default and unremovable support credentials (user:nwk password:nwk2) allow attackers 
to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron integration protocol Revision M to Revision Y." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sadfud.me/explotos/CVE-2018-11629", + "refsource": "MISC", + "url": "http://sadfud.me/explotos/CVE-2018-11629" + }, + { + "name": "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/", + "refsource": "MISC", + "url": "https://reversecodes.wordpress.com/2018/06/02/0-day-tomando-el-control-de-las-instalaciones-de-la-nasa-en-cabo-canaveral/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11720.json b/2018/11xxx/CVE-2018-11720.json index 1f8f8c4b91f..a403625f169 100644 --- a/2018/11xxx/CVE-2018-11720.json +++ b/2018/11xxx/CVE-2018-11720.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xovis.com/security/xovis-sec-2018-003.html", - "refsource" : "CONFIRM", - "url" : "https://xovis.com/security/xovis-sec-2018-003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xovis.com/security/xovis-sec-2018-003.html", + "refsource": "CONFIRM", + "url": "https://xovis.com/security/xovis-sec-2018-003.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14249.json b/2018/14xxx/CVE-2018-14249.json index 9176e15b984..9d4ebbbaa65 100644 --- a/2018/14xxx/CVE-2018-14249.json +++ b/2018/14xxx/CVE-2018-14249.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6012." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-709", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-709" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6012." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-709", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-709" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14607.json b/2018/14xxx/CVE-2018-14607.json index 1c041148352..84721dbf373 100644 --- a/2018/14xxx/CVE-2018-14607.json +++ b/2018/14xxx/CVE-2018-14607.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/", - "refsource" : "MISC", - "url" : "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer record transferred in cleartext contains: Client ID, Full Name, Spouse's Full Name, Social Security Number, Spouse's Social Security Number, Occupation, Spouse's Occupation, Daytime Phone, Home Phone, Tax Preparer, Federal and State Taxes to File, Bank Name, Bank Account Number, and possibly other sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/", + "refsource": "MISC", + "url": "https://corporateblue.com/ultratax-cs-data-exposure-vulnerability/" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/15xxx/CVE-2018-15194.json b/2018/15xxx/CVE-2018-15194.json index 3cc741d501b..15fcdf1a443 100644 --- a/2018/15xxx/CVE-2018-15194.json +++ b/2018/15xxx/CVE-2018-15194.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15371.json b/2018/15xxx/CVE-2018-15371.json index c841fdc777d..d584e4c5327 100644 --- a/2018/15xxx/CVE-2018-15371.json +++ b/2018/15xxx/CVE-2018-15371.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-09-26T16:00:00-0500", - "ID" : "CVE-2018-15371", - "STATE" : "PUBLIC", - "TITLE" : "Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS XE Software", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "6.7", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-09-26T16:00:00-0500", + "ID": "CVE-2018-15371", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XE Software", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180926 Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20180926-shell-access", - "defect" : [ - [ - "CSCvb79289" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by requesting access to the root shell of an affected device, after the shell access feature has been enabled. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.7", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180926 Cisco IOS XE Software Shell Access Authentication Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-shell-access" + } + ] + }, + "source": { + "advisory": "cisco-sa-20180926-shell-access", + "defect": [ + [ + "CSCvb79289" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15390.json b/2018/15xxx/CVE-2018-15390.json index 0073642861f..89ea426ddfc 100644 --- a/2018/15xxx/CVE-2018-15390.json +++ b/2018/15xxx/CVE-2018-15390.json 
@@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15390", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Threat Defense Software ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "8.6", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15390", + "STATE": "PUBLIC", + "TITLE": "Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Threat Defense Software ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos" - }, - { - "name" : "105519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105519" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-ftd-inspect-dos", - "defect" : [ - [ - "CSCvh77456" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to release spinlocks when a device is running low on system memory, if the software is configured to apply FTP inspection and an access control rule to transit traffic, and the access control rule is associated with an FTP file policy. 
An attacker could exploit this vulnerability by sending a high rate of transit traffic through an affected device to cause a low-memory condition on the device. A successful exploit could allow the attacker to cause a software panic on the affected device, which could cause the device to reload and result in a temporary DoS condition." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "8.6", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 Cisco Firepower Threat Defense Software FTP Inspection Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ftd-inspect-dos" + }, + { + "name": "105519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105519" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-ftd-inspect-dos", + "defect": [ + [ + "CSCvh77456" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15834.json b/2018/15xxx/CVE-2018-15834.json index c61c21f0c4f..04e52c6ac7b 100644 --- a/2018/15xxx/CVE-2018-15834.json +++ b/2018/15xxx/CVE-2018-15834.json 
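Review bot: The new-side `product_name` value in this hunk still ends in a space (`"Cisco Firepower Threat Defense Software "`), so the pass that normalises spacing around the separators leaves the whitespace inside the value untouched. Tooling that correlates records with an asset inventory by exact string comparison will not match this entry against `Cisco Firepower Threat Defense Software`. The line would read `"product_name": "Cisco Firepower Threat Defense Software"`. Until the record is corrected, consumers should trim vendor and product strings before comparing them.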
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/issues/11274", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/11274" - }, - { - "name" : "https://github.com/radare/radare2/pull/11300", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/pull/11300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/pull/11300", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/pull/11300" + }, + { + "name": "https://github.com/radare/radare2/issues/11274", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/11274" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15969.json b/2018/15xxx/CVE-2018-15969.json index 25239fa0895..44481763354 100644 --- a/2018/15xxx/CVE-2018-15969.json +++ b/2018/15xxx/CVE-2018-15969.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.4, 6.3, 6.2, 6.1, and 6.0 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stored Cross-site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager", + "version": { + "version_data": [ + { + "version_value": "6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html" - }, - { - "name" : "105576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. 
Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored Cross-site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105576" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20217.json b/2018/20xxx/CVE-2018-20217.json index b4e192a8f16..1c631f5d0f5 100644 --- a/2018/20xxx/CVE-2018-20217.json +++ b/2018/20xxx/CVE-2018-20217.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html" - }, - { - "name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", - "refsource" : "CONFIRM", - "url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763" - }, - { - "name" : "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", - "refsource" : "CONFIRM", - "url" : "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086" - }, - { - "name" : "FEDORA-2018-7db7ccda4d", - "refsource" : "FEDORA", - "url" : 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2018-7db7ccda4d", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KNHELH4YHNT6H2ESJWX2UIDXLBNGB2O/" + }, + { + "name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763", + "refsource": "CONFIRM", + "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763" + }, + { + "name": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086", + "refsource": "CONFIRM", + "url": "https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086" + }, + { + "name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20307.json b/2018/20xxx/CVE-2018-20307.json index d15860652af..c267f93d6d4 100644 --- a/2018/20xxx/CVE-2018-20307.json +++ b/2018/20xxx/CVE-2018-20307.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", - "refsource" : "MISC", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission validation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", + "refsource": "MISC", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20607.json b/2018/20xxx/CVE-2018-20607.json index 65dce9e6320..c0458eb24ab 100644 --- a/2018/20xxx/CVE-2018-20607.json +++ b/2018/20xxx/CVE-2018-20607.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "imcat 4.4 allows remote attackers to obtain potentially sensitive debugging information via the root/tools/adbug/binfo.php URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20800.json b/2018/20xxx/CVE-2018-20800.json index 94fac2a507d..bd38f788b73 100644 --- a/2018/20xxx/CVE-2018-20800.json +++ b/2018/20xxx/CVE-2018-20800.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework", - "refsource" : "MISC", - "url" : "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework", + "refsource": "MISC", + "url": "https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9388.json b/2018/9xxx/CVE-2018-9388.json index d0849f35058..ff19b70e922 100644 --- a/2018/9xxx/CVE-2018-9388.json +++ b/2018/9xxx/CVE-2018-9388.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9388", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9388", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9526.json b/2018/9xxx/CVE-2018-9526.json index 9f8f6a09f76..4e704c402e9 100644 --- a/2018/9xxx/CVE-2018-9526.json +++ b/2018/9xxx/CVE-2018-9526.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-11-01" - }, - { - "name" : "105847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. 
User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105847" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9904.json b/2018/9xxx/CVE-2018-9904.json index 3d491ca08ec..d8f876f1702 100644 --- a/2018/9xxx/CVE-2018-9904.json +++ b/2018/9xxx/CVE-2018-9904.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9904", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9904", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
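Review bot: The `ASSIGNER` line at the top of the CVE-2018-9526 hunk changes value, from `security@google.com` to `security@android.com`, while every other changed line in the hunk is separator spacing or `reference_data` order, and the commit subject says only "-Synchronized-Data.". A reviewer skimming a bulk reformat is likely to miss this, and consumers that attribute or filter records by assigner will see a different identity with no stated reason. The commit body should carry a line such as `CVE-2018-9526: ASSIGNER security@google.com -> security@android.com`, or the value change should land in its own commit. Downstream, comparing the parsed JSON of the old and new record rather than the text diff separates field changes like this one from formatting noise.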