From 634079e104c0749ab0b4874c0c470c3cd0ea7c8c Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:58:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0046.json | 150 +++++------
2002/0xxx/CVE-2002-0141.json | 140 +++++------
2002/0xxx/CVE-2002-0335.json | 140 +++++------
2002/0xxx/CVE-2002-0429.json | 210 ++++++++--------
2002/0xxx/CVE-2002-0814.json | 170 ++++++-------
2002/1xxx/CVE-2002-1338.json | 160 ++++++------
2002/1xxx/CVE-2002-1371.json | 210 ++++++++--------
2002/1xxx/CVE-2002-1446.json | 150 +++++------
2002/1xxx/CVE-2002-1972.json | 140 +++++------
2002/2xxx/CVE-2002-2390.json | 160 ++++++------
2003/0xxx/CVE-2003-0050.json | 150 +++++------
2009/1xxx/CVE-2009-1324.json | 160 ++++++------
2009/1xxx/CVE-2009-1340.json | 34 +--
2012/0xxx/CVE-2012-0199.json | 130 +++++-----
2012/0xxx/CVE-2012-0395.json | 120 ++++-----
2012/0xxx/CVE-2012-0456.json | 440 ++++++++++++++++-----------------
2012/3xxx/CVE-2012-3508.json | 180 +++++++-------
2012/3xxx/CVE-2012-3779.json | 34 +--
2012/3xxx/CVE-2012-3880.json | 34 +--
2012/3xxx/CVE-2012-3897.json | 34 +--
2012/3xxx/CVE-2012-3917.json | 34 +--
2012/4xxx/CVE-2012-4116.json | 120 ++++-----
2012/4xxx/CVE-2012-4417.json | 160 ++++++------
2012/4xxx/CVE-2012-4577.json | 160 ++++++------
2012/6xxx/CVE-2012-6306.json | 34 +--
2017/2xxx/CVE-2017-2609.json | 166 ++++++-------
2017/2xxx/CVE-2017-2923.json | 142 +++++------
2017/2xxx/CVE-2017-2968.json | 130 +++++-----
2017/2xxx/CVE-2017-2980.json | 140 +++++------
2017/6xxx/CVE-2017-6132.json | 160 ++++++------
2017/6xxx/CVE-2017-6227.json | 122 ++++-----
2017/6xxx/CVE-2017-6264.json | 132 +++++-----
2017/6xxx/CVE-2017-6608.json | 140 +++++------
2017/6xxx/CVE-2017-6857.json | 34 +--
2017/7xxx/CVE-2017-7623.json | 130 +++++-----
2017/7xxx/CVE-2017-7720.json | 120 ++++-----
2017/7xxx/CVE-2017-7740.json | 34 +--
2017/7xxx/CVE-2017-7897.json | 150 +++++------
2018/11xxx/CVE-2018-11054.json | 160 ++++++------
2018/11xxx/CVE-2018-11331.json | 130 +++++-----
2018/14xxx/CVE-2018-14527.json | 120 ++++-----
2018/14xxx/CVE-2018-14768.json | 130 +++++-----
2018/14xxx/CVE-2018-14780.json | 140 +++++------
2018/15xxx/CVE-2018-15033.json | 34 +--
2018/15xxx/CVE-2018-15218.json | 34 +--
2018/15xxx/CVE-2018-15451.json | 178 ++++++-------
2018/15xxx/CVE-2018-15617.json | 194 +++++++--------
2018/15xxx/CVE-2018-15706.json | 122 ++++-----
2018/20xxx/CVE-2018-20085.json | 34 +--
2018/20xxx/CVE-2018-20313.json | 34 +--
2018/20xxx/CVE-2018-20798.json | 120 ++++-----
2018/9xxx/CVE-2018-9433.json | 34 +--
2018/9xxx/CVE-2018-9577.json | 120 ++++-----
2018/9xxx/CVE-2018-9780.json | 34 +--
54 files changed, 3336 insertions(+), 3336 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0046.json b/2002/0xxx/CVE-2002-0046.json
index 572a89b0142..bb170839fb8 100644
--- a/2002/0xxx/CVE-2002-0046.json
+++ b/2002/0xxx/CVE-2002-0046.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020120 remote memory reading through tcp/icmp", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251418" - }, - { - "name" : "RHSA-2002:007", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-007.html" - }, - { - "name" : "icmp-read-memory(7998)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7998" - }, - { - "name" : "5394", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux 
kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "icmp-read-memory(7998)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7998" + }, + { + "name": "5394", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5394" + }, + { + "name": "RHSA-2002:007", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-007.html" + }, + { + "name": "20020120 remote memory reading through tcp/icmp", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251418" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0141.json b/2002/0xxx/CVE-2002-0141.json index 03ad75438cc..08dc84568b6 100644 --- a/2002/0xxx/CVE-2002-0141.json +++ b/2002/0xxx/CVE-2002-0141.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020120 Maelstrom 1.4.3 abartity file overwrite", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/251419" - }, - { - "name" : "3911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3911" - }, - { - "name" : "maelstrom-tmp-symlink(7939)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7939.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3911" + }, + { + "name": "20020120 Maelstrom 1.4.3 abartity file overwrite", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/251419" + }, + { + "name": "maelstrom-tmp-symlink(7939)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7939.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0335.json b/2002/0xxx/CVE-2002-0335.json index a46f478782d..ff74dc1ad36 100644 --- a/2002/0xxx/CVE-2002-0335.json +++ b/2002/0xxx/CVE-2002-0335.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101484128203523&w=2" - }, - { - "name" : "4186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4186" - }, - { - "name" : "worldgroup-http-get-bo(8298)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8298.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long 
HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4186" + }, + { + "name": "worldgroup-http-get-bo(8298)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8298.php" + }, + { + "name": "20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101484128203523&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0429.json b/2002/0xxx/CVE-2002-0429.json index 86afbed0a87..81703d4f2ac 100644 --- a/2002/0xxx/CVE-2002-0429.json +++ b/2002/0xxx/CVE-2002-0429.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020308 linux <=2.4.18 x86 traps.c problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101561298818888&w=2" - }, - { - "name" : "http://www.openwall.com/linux/", - "refsource" : "CONFIRM", - "url" : "http://www.openwall.com/linux/" - }, - { - "name" : "DSA-311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-311" - }, - { - "name" : "DSA-312", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-312" - }, - { - "name" : "DSA-332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-332" - }, - { - "name" : "DSA-336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-336" - }, - { - "name" : 
"DSA-442", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-442" - }, - { - "name" : "RHSA-2002:158", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-158.html" - }, - { - "name" : "4259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4259" - }, - { - "name" : "linux-ibcs-lcall-process(8420)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8420.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-336" + }, + { + "name": "DSA-311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-311" + }, + { + "name": "DSA-332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-332" + }, + { + "name": "DSA-312", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-312" + }, + { + "name": "DSA-442", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-442" + }, + { + "name": "RHSA-2002:158", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-158.html" + }, + { + "name": "20020308 linux <=2.4.18 x86 traps.c problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101561298818888&w=2" + }, + { + "name": "linux-ibcs-lcall-process(8420)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8420.php" + }, + { + "name": "4259", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/4259" + }, + { + "name": "http://www.openwall.com/linux/", + "refsource": "CONFIRM", + "url": "http://www.openwall.com/linux/" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0814.json b/2002/0xxx/CVE-2002-0814.json index a3a0abbb197..e074b6a34b4 100644 --- a/2002/0xxx/CVE-2002-0814.json +++ b/2002/0xxx/CVE-2002-0814.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020724 VMware GSX Server Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102752511030425&w=2" - }, - { - "name" : "20020726 Re: VMware GSX Server Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102765223418716&w=2" - }, - { - "name" : "20020805 VMware GSX Server 2.0.1 Release and Security Alert", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html" - }, - { - "name" : "http://www.vmware.com/download/gsx_security.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/download/gsx_security.html" - }, - { - "name" : "vmware-gsx-auth-bo(9663)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/9663.php" - }, - { - "name" : "5294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/download/gsx_security.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/download/gsx_security.html" + }, + { + "name": "vmware-gsx-auth-bo(9663)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9663.php" + }, + { + "name": "20020805 VMware GSX Server 2.0.1 Release and Security Alert", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html" + }, + { + "name": "20020726 Re: VMware GSX Server Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102765223418716&w=2" + }, + { + "name": "5294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5294" + }, + { + "name": "20020724 VMware GSX Server Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102752511030425&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1338.json b/2002/1xxx/CVE-2002-1338.json index 9cef109f1e8..7b481913581 100644 --- a/2002/1xxx/CVE-2002-1338.json +++ b/2002/1xxx/CVE-2002-1338.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101830175621193&w=2" - }, - { - "name" : "http://security.greymagic.com/adv/gm008-ie/", - "refsource" : "MISC", - "url" : "http://security.greymagic.com/adv/gm008-ie/" - }, - { - "name" : "VU#156123", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/156123" - }, - { - "name" : "4454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4454" - }, - { - "name" : "owc-chart-load-exist(8784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8784" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security.greymagic.com/adv/gm008-ie/", + "refsource": "MISC", + "url": "http://security.greymagic.com/adv/gm008-ie/" + }, + { + "name": "owc-chart-load-exist(8784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8784" + }, + { + "name": "VU#156123", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/156123" + }, + { + "name": "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101830175621193&w=2" + }, + { + "name": "4454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4454" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1371.json b/2002/1xxx/CVE-2002-1371.json index 7a036e631cc..7a299cf4f8f 100644 --- a/2002/1xxx/CVE-2002-1371.json +++ b/2002/1xxx/CVE-2002-1371.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104032149026670&w=2" - }, - { - "name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" - }, - { - "name" : "http://www.idefense.com/advisory/12.19.02.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/12.19.02.txt" - }, - { - "name" : "CLSA-2003:702", - "refsource" : "CONECTIVA", - "url" : 
"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" - }, - { - "name" : "DSA-232", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-232" - }, - { - "name" : "MDKSA-2003:001", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" - }, - { - "name" : "RHSA-2002:295", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html" - }, - { - "name" : "SuSE-SA:2003:002", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html" - }, - { - "name" : "6439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6439" - }, - { - "name" : "cups-zero-width-images(10911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" + }, + { + "name": "CLSA-2003:702", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" + }, + { + "name": "DSA-232", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-232" + }, + { + "name": "SuSE-SA:2003:002", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html" + }, + { + "name": "http://www.idefense.com/advisory/12.19.02.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/12.19.02.txt" + }, + { + "name": "RHSA-2002:295", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html" + }, + { + "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2" + }, + { + "name": "MDKSA-2003:001", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" + }, + { + "name": "cups-zero-width-images(10911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10911" + }, + { + "name": "6439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6439" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1446.json b/2002/1xxx/CVE-2002-1446.json index d13a78e365b..0da0ab4fbb8 100644 --- a/2002/1xxx/CVE-2002-1446.json +++ b/2002/1xxx/CVE-2002-1446.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html" - }, - { - "name" : "http://www.ncipher.com/support/advisories/advisory5_c_verify.html", - "refsource" : "CONFIRM", - "url" : "http://www.ncipher.com/support/advisories/advisory5_c_verify.html" - }, - { - "name" : "5498", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5498" - }, - { - "name" : "ncipher-cverify-improper-verification(9895)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9895.php" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ncipher-cverify-improper-verification(9895)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9895.php" + }, + { + "name": "5498", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5498" + }, + { + "name": "http://www.ncipher.com/support/advisories/advisory5_c_verify.html", + "refsource": "CONFIRM", + "url": "http://www.ncipher.com/support/advisories/advisory5_c_verify.html" + }, + { + "name": "20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1972.json b/2002/1xxx/CVE-2002-1972.json index 7f2897318bb..f5421b9704c 100644 --- a/2002/1xxx/CVE-2002-1972.json +++ b/2002/1xxx/CVE-2002-1972.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/releases/101529/", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/releases/101529/" - }, - { - "name" : "1005534", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1005534" - }, - { - "name" : "pp-powerswitch-port-access(10552)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10552.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pp-powerswitch-port-access(10552)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10552.php" + }, + { + "name": "1005534", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1005534" + }, + { + "name": "http://freshmeat.net/releases/101529/", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/releases/101529/" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2390.json b/2002/2xxx/CVE-2002-2390.json index 3eb11952e17..63b5c36159e 100644 --- a/2002/2xxx/CVE-2002-2390.json +++ b/2002/2xxx/CVE-2002-2390.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020918 Trillian .74 and below, ident flaw.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html" - }, - { - "name" : "20020918 trillian DoS: trillian 1.0 pro also vulnerable", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html" - }, - { - "name" : "20020917 Trillian .74 and below, ident flaw.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html" - }, - { - "name" : "5733", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5733" - }, - { - "name" : "trillian-identd-bo(10118)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/10118.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020918 trillian DoS: trillian 1.0 pro also vulnerable", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html" + }, + { + "name": "5733", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5733" + }, + { + "name": "20020918 Trillian .74 and below, ident flaw.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html" + }, + { + "name": "20020917 Trillian .74 and below, ident flaw.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html" + }, + { + "name": "trillian-identd-bo(10118)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10118.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0050.json b/2003/0xxx/CVE-2003-0050.json index f5a77b3b5c2..b564d86d107 100644 --- a/2003/0xxx/CVE-2003-0050.json +++ b/2003/0xxx/CVE-2003-0050.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2" - }, - { - "name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt" - }, - { - "name" : "6954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6954" - }, - { - "name" : "quicktime-darwin-command-execution(11401)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11401.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt" + }, + { + "name": "quicktime-darwin-command-execution(11401)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11401.php" + }, + { + "name": "6954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6954" + }, + { + "name": "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104618904330226&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1324.json b/2009/1xxx/CVE-2009-1324.json index c5aed8ac149..9233917fd92 100644 --- a/2009/1xxx/CVE-2009-1324.json +++ b/2009/1xxx/CVE-2009-1324.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8407", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8407" - }, - { - "name" : "8412", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8412" - }, - { - "name" : "34494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34494" - }, - { - "name" : "34681", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34681" - }, - { - "name" : "asxmp3-m3u-bo(49840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Mini-stream ASX 
to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34681", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34681" + }, + { + "name": "asxmp3-m3u-bo(49840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49840" + }, + { + "name": "8412", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8412" + }, + { + "name": "8407", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8407" + }, + { + "name": "34494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34494" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1340.json b/2009/1xxx/CVE-2009-1340.json index 35647216ad9..45609d43ca1 100644 --- a/2009/1xxx/CVE-2009-1340.json +++ b/2009/1xxx/CVE-2009-1340.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0199.json b/2012/0xxx/CVE-2012-0199.json index 667e9449028..ab2895eb63a 100644 --- a/2012/0xxx/CVE-2012-0199.json +++ b/2012/0xxx/CVE-2012-0199.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-12-040/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-12-040/" - }, - { - "name" : "tpme-multiple-sql-injection(73034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-12-040/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-040/" + }, + { + "name": "tpme-multiple-sql-injection(73034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73034" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0395.json b/2012/0xxx/CVE-2012-0395.json index 6298b6c53cb..7f3fe8031c1 100644 --- a/2012/0xxx/CVE-2012-0395.json +++ b/2012/0xxx/CVE-2012-0395.json 
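Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `psirt@us.ibm.com`, while every other changed line only moves from `"key" : value` to `"key": value` spacing with new indentation. That is a change to the field naming who assigned the ID, and the commit subject (`"-Synchronized-Data."`) does not mention it, so a reader skimming what looks like a whitespace-only diff will miss it. I would land the formatting normalisation separately from data changes, or at least list the reassigned records in the commit message. The CVE-2012-0395 hunk (`security_alert@emc.com`) and the CVE-2012-3508 hunk (`secalert@redhat.com`) carry the same kind of change.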
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-0395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120126 ESA-2012-005: EMC NetWorker buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/521374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120126 ESA-2012-005: EMC NetWorker buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/521374" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0456.json b/2012/0xxx/CVE-2012-0456.json index 33299f32048..2b84f895800 100644 --- a/2012/0xxx/CVE-2012-0456.json +++ b/2012/0xxx/CVE-2012-0456.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711653", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711653" - }, - { - "name" : "DSA-2433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2433" - }, - { - "name" : "DSA-2458", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2458" - }, - 
{ - "name" : "MDVSA-2012:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" - }, - { - "name" : "MDVSA-2012:032", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" - }, - { - "name" : "RHSA-2012:0387", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" - }, - { - "name" : "RHSA-2012:0388", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" - }, - { - "name" : "openSUSE-SU-2012:0417", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" - }, - { - "name" : "SUSE-SU-2012:0424", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" - }, - { - "name" : "SUSE-SU-2012:0425", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" - }, - { - "name" : "USN-1400-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-3" - }, - { - "name" : "USN-1400-4", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-4" - }, - { - "name" : "USN-1400-5", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-5" - }, - { - "name" : "USN-1400-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-2" - }, - { - "name" : "USN-1401-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1401-1" - }, - { - "name" : "USN-1400-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1400-1" - }, - { - "name" : "oval:org.mitre.oval:def:15007", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007" - }, - { - "name" : "1026804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026804" - }, - { - "name" : "1026801", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1026801" - }, - { - "name" : "1026803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026803" - }, - { - "name" : "48629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48629" - }, - { - "name" : "48513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48513" - }, - { - "name" : "48495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48495" - }, - { - "name" : "48496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48496" - }, - { - "name" : "48553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48553" - }, - { - "name" : "48561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48561" - }, - { - "name" : "48624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48624" - }, - { - "name" : "48823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48823" - }, - { - "name" : "48920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48920" - }, - { - "name" : "48402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48402" - }, - { - "name" : "48359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48359" - }, - { - "name" : "48414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0417", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" + }, + { + "name": "48402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48402" + }, + { + "name": "MDVSA-2012:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" + }, + { + "name": "48624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48624" + }, + { + "name": "SUSE-SU-2012:0424", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" + }, + { + "name": "USN-1400-5", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-5" + }, + { + "name": "48414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48414" + }, + { + "name": "48359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48359" + }, + { + "name": "48823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48823" + }, + { + "name": "USN-1401-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1401-1" + }, + { + "name": "USN-1400-4", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-4" + }, + { + "name": "48629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48629" + }, + { + "name": "USN-1400-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-3" + }, + { + "name": "RHSA-2012:0387", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html" + }, + { + "name": "48496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48496" + }, + { + "name": "SUSE-SU-2012:0425", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html" + }, + { + "name": "USN-1400-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-2" + }, + { + "name": "DSA-2458", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2458" + }, + { + "name": "48920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48920" + }, + { + "name": "oval:org.mitre.oval:def:15007", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007" + }, + { + "name": "DSA-2433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2433" + }, + { + "name": "MDVSA-2012:032", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" + }, + { + "name": "1026803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026803" + }, + { + "name": "48495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48495" + }, + { + "name": "48553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48553" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=711653", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=711653" + }, + { + "name": "USN-1400-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1400-1" + }, + { + "name": "48561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48561" + }, + { + "name": "RHSA-2012:0388", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html" + }, + { + "name": "1026801", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026801" + }, + { + "name": "1026804", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1026804" + }, + { + "name": "48513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48513" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3508.json b/2012/3xxx/CVE-2012-3508.json index 3cfe9de815d..d19eaa69449 100644 --- a/2012/3xxx/CVE-2012-3508.json +++ b/2012/3xxx/CVE-2012-3508.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using \"javascript:\" in an href attribute in the body of an HTML-formatted email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120820 CVE-request: Roundcube XSS issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/20/2" - }, - { - "name" : "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/20/9" - }, - { - "name" : "http://www.securelist.com/en/advisories/50279", - "refsource" : "MISC", - "url" : "http://www.securelist.com/en/advisories/50279" - }, - { - "name" : "http://sourceforge.net/news/?group_id=139281&id=309011", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/news/?group_id=139281&id=309011" - }, - { - "name" : 
"http://trac.roundcube.net/ticket/1488613", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/ticket/1488613" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee", - "refsource" : "CONFIRM", - "url" : "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee" - }, - { - "name" : "50279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using \"javascript:\" in an href attribute in the body of an HTML-formatted email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.roundcube.net/ticket/1488613", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/ticket/1488613" + }, + { + "name": "50279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50279" + }, + { + "name": "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee", + "refsource": "CONFIRM", + "url": "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee" + }, + { + "name": "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/20/9" + }, + { + "name": "[oss-security] 20120820 CVE-request: Roundcube XSS issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/20/2" + }, + { + "name": "http://www.securelist.com/en/advisories/50279", + "refsource": "MISC", + "url": 
"http://www.securelist.com/en/advisories/50279" + }, + { + "name": "http://sourceforge.net/news/?group_id=139281&id=309011", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/news/?group_id=139281&id=309011" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3779.json b/2012/3xxx/CVE-2012-3779.json index 3d43b7d7db0..4462d84f783 100644 --- a/2012/3xxx/CVE-2012-3779.json +++ b/2012/3xxx/CVE-2012-3779.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3779", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3779", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3880.json b/2012/3xxx/CVE-2012-3880.json index dc58005d96e..7a3d365980c 100644 --- a/2012/3xxx/CVE-2012-3880.json +++ b/2012/3xxx/CVE-2012-3880.json 
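Review bot: The rewritten CVE-2012-3508.json ends with `}` and no final newline (the `\ No newline at end of file` marker follows the last added line), whereas the removed side ended with one. The same applies to the other file sections in this part of the patch, for example CVE-2012-3779.json and CVE-2012-4116.json, so the serializer should emit a newline after the closing brace. The `reference_data` entries are also reordered here with no change in content, which suggests the export has no stable ordering. Together with the re-indentation this buries the one substantive change in the record, `ASSIGNER` moving from `cve@mitre.org` to `secalert@redhat.com`; a deterministic sort of `reference_data` would keep future sync diffs limited to changes a reviewer needs to see.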
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3880", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3880", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3897.json b/2012/3xxx/CVE-2012-3897.json index ee63def4491..14c9f567111 100644 --- a/2012/3xxx/CVE-2012-3897.json +++ b/2012/3xxx/CVE-2012-3897.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3897", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3897", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3917.json b/2012/3xxx/CVE-2012-3917.json index 1b00069de8d..fd12601eae2 100644 --- a/2012/3xxx/CVE-2012-3917.json +++ b/2012/3xxx/CVE-2012-3917.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4116.json b/2012/4xxx/CVE-2012-4116.json index 92f4ef6a75f..fc3454180a5 100644 --- a/2012/4xxx/CVE-2012-4116.json +++ b/2012/4xxx/CVE-2012-4116.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131017 Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a 
server connection, by sniffing the network, aka Bug ID CSCtr72970." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131017 Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4417.json b/2012/4xxx/CVE-2012-4417.json index b72384cb020..ffd1c948919 100644 --- a/2012/4xxx/CVE-2012-4417.json +++ b/2012/4xxx/CVE-2012-4417.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=856341", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=856341" - }, - { - "name" : "RHSA-2012:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1456.html" - }, - { - "name" : "56522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56522" - }, - { - "name" : "1027756", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027756" - }, - { - "name" : "redhat-storage-glusterfs-symlink(80074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": 
{ + "description_data": [ + { + "lang": "eng", + "value": "GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1456.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=856341", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856341" + }, + { + "name": "1027756", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027756" + }, + { + "name": "redhat-storage-glusterfs-symlink(80074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074" + }, + { + "name": "56522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56522" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4577.json b/2012/4xxx/CVE-2012-4577.json index 351818db6f4..7d4b932d648 100644 --- a/2012/4xxx/CVE-2012-4577.json +++ b/2012/4xxx/CVE-2012-4577.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of \"password\" for the root account, which allows remote attackers to obtain administrative access via an SSH session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity", - "refsource" : "MISC", - "url" : "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02" - }, - { - "name" : "55196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55196" - }, - { - "name" : 
"jetport-default-password(77992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of \"password\" for the root account, which allows remote attackers to obtain administrative access via an SSH session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jetport-default-password(77992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77992" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02" + }, + { + "name": "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity", + "refsource": "MISC", + "url": "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity" + }, + { + "name": "55196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55196" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6306.json b/2012/6xxx/CVE-2012-6306.json index 2f2ffd767f7..c5f5bcdf3cd 100644 --- a/2012/6xxx/CVE-2012-6306.json +++ b/2012/6xxx/CVE-2012-6306.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2609.json b/2017/2xxx/CVE-2017-2609.json index 23465530515..e6290958ed6 100644 --- a/2017/2xxx/CVE-2017-2609.json +++ b/2017/2xxx/CVE-2017-2609.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "jenkins 2.44" - }, - { - "version_value" : "jenkins 2.32.2" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jenkins", + "version": { + "version_data": [ + { + "version_value": "jenkins 2.44" + }, + { + "version_value": "jenkins 2.32.2" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319" - }, - { - "name" : "95964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95964" + }, + { + "name": "https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2923.json b/2017/2xxx/CVE-2017-2923.json index 1b9088e2c7b..8c1f22800f5 100644 --- a/2017/2xxx/CVE-2017-2923.json +++ b/2017/2xxx/CVE-2017-2923.json 
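Review bot: In CVE-2017-2609.json the `impact.cvss` entry keeps `"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"`, which prefixes the base score to the vector; a CVSS 3.0 vector string starts with `CVSS:3.0/`, so a consumer that parses this field strictly will likely reject or mis-score the record. The vector would be better stored as `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"` with the score in its own field such as `"baseScore": 4.3`. The `cvss` value is also an array nested inside an array, which looks unintentional. The `version_value` entries `jenkins 2.44` and `jenkins 2.32.2` appear to name the fixed releases, which the description says are not affected ("before versions 2.44, 2.32.2"), so automated matching on this block may flag the wrong versions.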
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-09-11T00:00:00", - "ID" : "CVE-2017-2923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeXL", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Alessandro Furieri" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-09-11T00:00:00", + "ID": "CVE-2017-2923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeXL", + "version": { + "version_data": [ + { + "version_value": "1.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Alessandro Furieri" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430" - }, - { - "name" : "DSA-3976", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3976" - }, - { - "name" : "100807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3976", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3976" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430" + }, + { + "name": "100807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100807" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2968.json b/2017/2xxx/CVE-2017-2968.json index 85fb0a7e212..077c248d3a5 100644 --- a/2017/2xxx/CVE-2017-2968.json +++ b/2017/2xxx/CVE-2017-2968.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2968", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Campaign 16.4 Build 8724 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Campaign 16.4 Build 8724 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code Injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2968", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Campaign 16.4 Build 8724 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Campaign 16.4 Build 8724 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html" - }, - { - "name" : "96197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96197" + }, + { + "name": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2980.json b/2017/2xxx/CVE-2017-2980.json index 9090f9a5d27..3c7eb407f95 100644 --- a/2017/2xxx/CVE-2017-2980.json +++ b/2017/2xxx/CVE-2017-2980.json 
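Review bot: The `affects` block in CVE-2017-2968.json still carries the whole affected range as free text in both `product_name` and `version_value` (`Adobe Campaign 16.4 Build 8724 and earlier.`) and leaves `vendor_name` as `n/a`, although the assigner is `psirt@adobe.com`. Inventory and scanner tooling that matches on the vendor, product and version fields cannot use this entry as written. Splitting it into a vendor name, `"product_name": "Adobe Campaign"` and `"version_value": "16.4 Build 8724 and earlier"` would make it matchable; the exact vendor string should follow whatever the CNA uses in its other records. CVE-2017-2980.json in the next file section has the same pattern for Adobe Digital Editions.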
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.3 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.3 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.3 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.3 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html" - }, - { - "name" : "96195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96195" - }, - { - "name" : "1037816", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037816", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037816" + }, + { + "name": "96195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96195" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6132.json b/2017/6xxx/CVE-2017-6132.json index 7771e616674..14ca298ca5e 100644 --- a/2017/6xxx/CVE-2017-6132.json +++ b/2017/6xxx/CVE-2017-6132.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-6132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe", - "version" : { - "version_data" : [ - { - "version_value" : "13.0.0" - }, - { - "version_value" : "12.0.0 - 12.1.2" - }, - { - "version_value" : "11.6.0 - 11.6.1" - }, - { - "version_value" : "11.5.0 - 11.5.4" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-6132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe", + "version": { + "version_data": [ + { + "version_value": "13.0.0" + }, + { + "version_value": "12.0.0 - 12.1.2" + }, + { + "version_value": "11.6.0 - 11.6.1" + }, + { + "version_value": "11.5.0 - 11.5.4" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K12044607", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K12044607" - }, - { - "name" : "102333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102333" - }, - { - "name" : "1040049", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102333" + }, + { + "name": "https://support.f5.com/csp/article/K12044607", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K12044607" + }, + { + "name": "1040049", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040049" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6227.json b/2017/6xxx/CVE-2017-6227.json index 0854d5beae3..12ca63779f0 100644 --- a/2017/6xxx/CVE-2017-6227.json +++ b/2017/6xxx/CVE-2017-6227.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@brocade.com", - "DATE_PUBLIC" : "2018-01-31T00:00:00", - "ID" : "CVE-2017-6227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Brocade FABRIC OS", - "version" : { - "version_data" : [ - { - "version_value" : "all versions before 7.4.2b, 8.1.2 and 8.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Brocade Communications Systems, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOS" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@brocade.com", + "DATE_PUBLIC": "2018-01-31T00:00:00", + "ID": "CVE-2017-6227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Brocade FABRIC OS", + "version": { + "version_data": [ + { + "version_value": "all versions before 7.4.2b, 8.1.2 and 8.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Brocade Communications Systems, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526", - "refsource" : "CONFIRM", - "url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526", + "refsource": "CONFIRM", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6264.json b/2017/6xxx/CVE-2017-6264.json index b9646eadd53..b667a22c35c 100644 --- a/2017/6xxx/CVE-2017-6264.json +++ b/2017/6xxx/CVE-2017-6264.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-6264", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-6264", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101744" + }, + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6608.json b/2017/6xxx/CVE-2017-6608.json index 92588c63bad..1d2b01f33ef 100644 --- a/2017/6xxx/CVE-2017-6608.json +++ b/2017/6xxx/CVE-2017-6608.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco ASA Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco ASA Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco ASA Software", + "version": { + "version_data": [ + { + "version_value": "Cisco ASA Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls" - }, - { - "name" : "97937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97937" - }, - { - "name" : "1038315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. 
This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97937" + }, + { + "name": "1038315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038315" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6857.json b/2017/6xxx/CVE-2017-6857.json index 8519ab38bd3..5535eb4c9a7 100644 --- a/2017/6xxx/CVE-2017-6857.json +++ b/2017/6xxx/CVE-2017-6857.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6857", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6857", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7623.json b/2017/7xxx/CVE-2017-7623.json index 996e8a0693e..cd7a3902995 100644 --- a/2017/7xxx/CVE-2017-7623.json +++ b/2017/7xxx/CVE-2017-7623.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsummers/imageworsener/issues/12", - "refsource" : "CONFIRM", - "url" : "https://github.com/jsummers/imageworsener/issues/12" - }, - { - "name" : "97577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jsummers/imageworsener/issues/12", + "refsource": "CONFIRM", + "url": "https://github.com/jsummers/imageworsener/issues/12" + }, + { + "name": "97577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97577" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7720.json b/2017/7xxx/CVE-2017-7720.json index 935cee80591..4b2bc44f036 100644 --- a/2017/7xxx/CVE-2017-7720.json +++ b/2017/7xxx/CVE-2017-7720.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41916", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41916/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41916", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41916/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7740.json b/2017/7xxx/CVE-2017-7740.json index a9359d93acb..796903fda49 100644 --- a/2017/7xxx/CVE-2017-7740.json +++ b/2017/7xxx/CVE-2017-7740.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7740", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7740", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7897.json b/2017/7xxx/CVE-2017-7897.json index b60772c6afb..ef31a8ad55f 100644 --- a/2017/7xxx/CVE-2017-7897.json +++ b/2017/7xxx/CVE-2017-7897.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=22742", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=22742" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1" - }, - { - "name" : "https://github.com/mantisbt/mantisbt/pull/1094", - "refsource" : "CONFIRM", - "url" : "https://github.com/mantisbt/mantisbt/pull/1094" - }, - { - "name" : "1038278", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mantisbt.org/bugs/view.php?id=22742", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=22742" + }, + { + "name": "1038278", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038278" + }, + { + "name": "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1" + }, + { + "name": "https://github.com/mantisbt/mantisbt/pull/1094", + "refsource": "CONFIRM", + "url": "https://github.com/mantisbt/mantisbt/pull/1094" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11054.json b/2018/11xxx/CVE-2018-11054.json index d3f286e71f0..7f713482126 100644 --- a/2018/11xxx/CVE-2018-11054.json +++ b/2018/11xxx/CVE-2018-11054.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@dell.com", - "ID" : "CVE-2018-11054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BSAFE Micro Edition Suite", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_value" : "4.1.6" - } - ] - } - } - ] - }, - "vendor_name" : "RSA" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 7.5, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "integer overflow vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2018-11054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BSAFE Micro Edition Suite", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "4.1.6" + } + ] + } + } + ] + }, + "vendor_name": "RSA" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : 
"http://seclists.org/fulldisclosure/2018/Aug/46" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/46" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11331.json b/2018/11xxx/CVE-2018-11331.json index e3d78018d36..2feaffff189 100644 --- a/2018/11xxx/CVE-2018-11331.json +++ b/2018/11xxx/CVE-2018-11331.json 
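Review bot: In 2018/11xxx/CVE-2018-11054.json the `ASSIGNER` value under `CVE_data_meta` changes from `secure@dell.com` to `security_alert@emc.com`, while the other hunks in view appear to only re-space keys, reorder `reference_data` and drop the final newline. Consumers that attribute a record to its CNA through this field will see the record change assigner with nothing in the commit message to explain it. If the change is intended, it belongs in its own commit with a stated reason. If it is a side effect of the sync reading an older copy of the record (an inference, not visible here), the new side should keep `"ASSIGNER": "secure@dell.com",`.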
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e", - "refsource" : "MISC", - "url" : "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e" - }, - { - "name" : "https://github.com/pluck-cms/pluck/issues/58", - "refsource" : "MISC", - "url" : "https://github.com/pluck-cms/pluck/issues/58" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pluck-cms/pluck/issues/58", + "refsource": "MISC", + "url": "https://github.com/pluck-cms/pluck/issues/58" + }, + { + "name": "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e", + "refsource": "MISC", + "url": "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14527.json b/2018/14xxx/CVE-2018-14527.json index 5c2f204ef14..a3d0760ef37 100644 --- a/2018/14xxx/CVE-2018-14527.json +++ b/2018/14xxx/CVE-2018-14527.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc", - "refsource" : "MISC", - "url" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc", + "refsource": "MISC", + "url": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14768.json b/2018/14xxx/CVE-2018-14768.json index 003870279a4..8c67bf2533f 100644 --- a/2018/14xxx/CVE-2018-14768.json +++ b/2018/14xxx/CVE-2018-14768.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", - "refsource" : "CONFIRM", - "url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" - }, - { - "name" : "https://www.vivotek.com/website/support/cybersecurity/", - "refsource" : "CONFIRM", - "url" : "https://www.vivotek.com/website/support/cybersecurity/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", + "refsource": "CONFIRM", + "url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" + }, + { + "name": "https://www.vivotek.com/website/support/cybersecurity/", + "refsource": "CONFIRM", + "url": "https://www.vivotek.com/website/support/cybersecurity/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14780.json b/2018/14xxx/CVE-2018-14780.json index d6fc799ef3a..e2916384f4b 100644 --- a/2018/14xxx/CVE-2018-14780.json +++ b/2018/14xxx/CVE-2018-14780.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/08/14/2" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/" - }, - { - "name" : "https://www.yubico.com/support/security-advisories/ysa-2018-03/", - "refsource" : "CONFIRM", - "url" : "https://www.yubico.com/support/security-advisories/ysa-2018-03/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.yubico.com/support/security-advisories/ysa-2018-03/", + "refsource": "CONFIRM", + "url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/" + }, + { + "name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/08/14/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15033.json b/2018/15xxx/CVE-2018-15033.json index d4b57b24849..fa34b6cef4e 100644 --- a/2018/15xxx/CVE-2018-15033.json +++ b/2018/15xxx/CVE-2018-15033.json 
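Review bot: The `description` value of CVE-2018-14780 still carries template markup on the new side, `{% highlight c %}` and `{% endhighlight %}`, wrapped around a code excerpt flattened onto one line; it looks pasted from the advisory page, and this re-spacing pass keeps it as is. A consumer that feeds descriptions through a Liquid- or Jinja-style renderer, or prints them raw in a report, will get a template error or stray tags in the output. I would drop the two tags and keep the excerpt as plain text, so the value reads `... in the function _ykpiv_fetch_object(): if(sw == SW_SUCCESS) { ...`. Alternatively, cut the value down to the prose summary and leave the code to the X41 advisory already listed under `references`.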
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15033", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15033", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15218.json b/2018/15xxx/CVE-2018-15218.json index 5685eb72342..b1b1aa2c842 100644 --- a/2018/15xxx/CVE-2018-15218.json +++ b/2018/15xxx/CVE-2018-15218.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15218", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15218", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15451.json b/2018/15xxx/CVE-2018-15451.json index e235384a257..47f8b1f662b 100644 --- a/2018/15xxx/CVE-2018-15451.json +++ b/2018/15xxx/CVE-2018-15451.json 
@@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", - "ID" : "CVE-2018-15451", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Prime Service Catalog Cross-Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Service Catalog ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. 
" - } - ], - "impact" : { - "cvss" : { - "baseScore" : "5.4", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-11-07T16:00:00-0600", + "ID": "CVE-2018-15451", + "STATE": "PUBLIC", + "TITLE": "Cisco Prime Service Catalog Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Service Catalog ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181107 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-psc-xss" - }, - { - "name" : "105857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105857" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181107-psc-xss", - "defect" : [ - [ - "CSCvm48196" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. 
A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105857" + }, + { + "name": "20181107 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-psc-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181107-psc-xss", + "defect": [ + [ + "CSCvm48196" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15617.json b/2018/15xxx/CVE-2018-15617.json index 9ebf3a44de1..8b99ea359b4 100644 --- a/2018/15xxx/CVE-2018-15617.json +++ b/2018/15xxx/CVE-2018-15617.json 
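Review bot: The `impact.cvss` object of CVE-2018-15451 keeps two values on the new side that strict consumers may reject: `vectorString` ends in a space, and `baseScore` is the string `"5.4"`, whereas the CVE-2018-15617 record later in this patch writes `"baseScore": 6.5` as a number. A parser that validates the vector against the CVSS v3.0 grammar, or a triage job that sorts by score numerically, can fail or mis-rank this record. Suggested values are `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",` and `"baseScore": 5.4,`. The `product_name` value `"Cisco Prime Service Catalog "` has the same trailing space, which breaks exact-match product lookups.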
@@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "securityalerts@avaya.com", - "ID" : "CVE-2018-15617", - "STATE" : "PUBLIC", - "TITLE" : "Communication Manager Denial of Service" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Communication Manager", - "version" : { - "version_data" : [ - { - "affected" : "<=", - "version_name" : "7.1.x", - "version_value" : "7.1.3.2" - }, - { - "affected" : "<=", - "version_name" : "8.x", - "version_value" : "8.0.1" - }, - { - "affected" : "=", - "version_name" : "6.3.x", - "version_value" : "6.3.x" - } - ] - } - } - ] - }, - "vendor_name" : "Avaya" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the \"capro\" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399: Resource Management Errors" - } + "CVE_data_meta": { + "ASSIGNER": "securityalerts@avaya.com", + "ID": "CVE-2018-15617", + "STATE": "PUBLIC", + "TITLE": "Communication Manager Denial of Service" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Communication Manager", + "version": { + "version_data": [ + { + "affected": "<=", + "version_name": "7.1.x", + "version_value": "7.1.3.2" + }, + { + "affected": "<=", + "version_name": "8.x", + "version_value": "8.0.1" + }, + { + "affected": "=", + "version_name": "6.3.x", + "version_value": "6.3.x" + } + ] + } + } + ] + }, + "vendor_name": "Avaya" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downloads.avaya.com/css/P8/documents/101055396", - "refsource" : "CONFIRM", - "url" : "https://downloads.avaya.com/css/P8/documents/101055396" - }, - { - "name" : "106826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106826" - } - ] - }, - "source" : { - "advisory" : "ASA-2018-328" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the \"capro\" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. 
Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399: Resource Management Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106826" + }, + { + "name": "https://downloads.avaya.com/css/P8/documents/101055396", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/101055396" + } + ] + }, + "source": { + "advisory": "ASA-2018-328" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15706.json b/2018/15xxx/CVE-2018-15706.json index 51e2fbc869f..48e3ceabc5d 100644 --- a/2018/15xxx/CVE-2018-15706.json +++ b/2018/15xxx/CVE-2018-15706.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-15706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1 and 8.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-15706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "8.3.1 and 8.3.2" + } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2018-35", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2018-35" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tenable.com/security/research/tra-2018-35", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2018-35" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20085.json b/2018/20xxx/CVE-2018-20085.json index eaebd22dca9..37ad79aefba 100644 --- a/2018/20xxx/CVE-2018-20085.json +++ b/2018/20xxx/CVE-2018-20085.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20085", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20085", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20313.json b/2018/20xxx/CVE-2018-20313.json index 4f40f918439..3515c5d413b 100644 --- a/2018/20xxx/CVE-2018-20313.json +++ b/2018/20xxx/CVE-2018-20313.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20313", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20313", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20798.json b/2018/20xxx/CVE-2018-20798.json index db59784ae5c..0d0efc4bd3f 100644 --- a/2018/20xxx/CVE-2018-20798.json +++ b/2018/20xxx/CVE-2018-20798.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://redmine.pfsense.org/issues/9223", - "refsource" : "MISC", - "url" : "https://redmine.pfsense.org/issues/9223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://redmine.pfsense.org/issues/9223", + "refsource": "MISC", + "url": "https://redmine.pfsense.org/issues/9223" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9433.json b/2018/9xxx/CVE-2018-9433.json index 1fe01d83336..289bb8bebc9 100644 --- a/2018/9xxx/CVE-2018-9433.json +++ b/2018/9xxx/CVE-2018-9433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9577.json b/2018/9xxx/CVE-2018-9577.json index 721905c7161..82fbe27563b 100644 --- a/2018/9xxx/CVE-2018-9577.json +++ b/2018/9xxx/CVE-2018-9577.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9577", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9577", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. 
This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9780.json b/2018/9xxx/CVE-2018-9780.json index bdb36737c87..ce02ef05c42 100644 --- a/2018/9xxx/CVE-2018-9780.json +++ b/2018/9xxx/CVE-2018-9780.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9780", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9780", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
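Review bot: `ASSIGNER` changes from `security@google.com` to `security@android.com` in the CVE-2018-9577 hunk. It is the one value change in a file section that otherwise only re-spaces `"key" : value` to `"key": value`, and the commit subject does not mention it. Tooling that attributes records to a CNA by this field, or that alerts on assigner changes as a provenance signal, will see this record change owner with no stated reason. I would land the line `"ASSIGNER": "security@android.com",` in a separate commit whose message names the reassignment, so that it can be audited apart from the formatting churn.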