diff --git a/2002/0xxx/CVE-2002-0070.json b/2002/0xxx/CVE-2002-0070.json index 8fc1a6471fa..933ec5a9117 100644 --- a/2002/0xxx/CVE-2002-0070.json +++ b/2002/0xxx/CVE-2002-0070.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020312 ADVISORY: Windows Shell Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101594127017290&w=2" - }, - { - "name" : "20020311 ADVISORY: Windows Shell Overflow", - "refsource" : "NTBUGTRAQ", - "url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404" - }, - { - "name" : "MS02-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-014" - }, - { - "name" : "win-shell-bo(8384)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8384.php" - }, - { - "name" : "4248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4248" - }, - { - "name" : "oval:org.mitre.oval:def:18", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18" - }, - { - "name" : "oval:org.mitre.oval:def:147", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-014" + }, + { + "name": "20020311 ADVISORY: Windows Shell Overflow", + "refsource": "NTBUGTRAQ", + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404" + }, + { + "name": "20020312 ADVISORY: Windows Shell Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101594127017290&w=2" + }, + { + "name": "4248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4248" + }, + { + "name": "oval:org.mitre.oval:def:147", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A147" + }, + { + "name": "oval:org.mitre.oval:def:18", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18" + }, + { + "name": "win-shell-bo(8384)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8384.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0865.json b/2002/0xxx/CVE-2002-0865.json index cc208b0b274..cf14755017d 100644 --- a/2002/0xxx/CVE-2002-0865.json +++ b/2002/0xxx/CVE-2002-0865.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka \"Inappropriate Methods Exposed in XML Support Classes.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-052", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052" - }, - { - "name" : "VU#140898", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/140898" - }, - { - "name" : "msvm-xml-methods-access(10135)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10135.php" - }, - { - "name" : "5752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka \"Inappropriate Methods Exposed in XML Support Classes.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "msvm-xml-methods-access(10135)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10135.php" + }, + { + "name": "5752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5752" + }, + { + "name": "MS02-052", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052" + }, + { + "name": "VU#140898", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/140898" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1090.json b/2002/1xxx/CVE-2002-1090.json index 8409b807440..805fa834d8d 100644 --- a/2002/1xxx/CVE-2002-1090.json +++ b/2002/1xxx/CVE-2002-1090.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt", + "refsource": "CONFIRM", + "url": "http://www.stafford.uklinux.net/libesmtp/ChangeLog.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1436.json b/2002/1xxx/CVE-2002-1436.json index 2d37597d293..2f68cfe0183 100644 --- a/2002/1xxx/CVE-2002-1436.json +++ b/2002/1xxx/CVE-2002-1436.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020820 NOVL-2002-2963307 - PERL Handler Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html" - }, - { - "name" : "http://support.novell.com/servlet/tidfinder/2963307", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/servlet/tidfinder/2963307" - }, - { - "name" : "netware-perl-code-execution(9916)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9916.php" - }, - { - "name" : "5520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netware-perl-code-execution(9916)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9916.php" + }, + { + "name": "http://support.novell.com/servlet/tidfinder/2963307", + "refsource": "CONFIRM", + "url": "http://support.novell.com/servlet/tidfinder/2963307" + }, + { + "name": "5520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5520" + }, + { + "name": "20020820 NOVL-2002-2963307 - PERL Handler Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1480.json b/2002/1xxx/CVE-2002-1480.json index a4f7e2c44d3..bdee7516e2a 100644 --- a/2002/1xxx/CVE-2002-1480.json +++ b/2002/1xxx/CVE-2002-1480.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020909 phpGB: cross site scripting bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html" - }, - { - "name" : "5676", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5676" - }, - { - "name" : "phpgb-entry-deletion-xss(10060)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10060.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows remote attackers to inject arbitrary HTML or script into guestbook pages, which is executed when the administrator deletes the entry." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5676", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5676" + }, + { + "name": "20020909 phpGB: cross site scripting bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0069.html" + }, + { + "name": "phpgb-entry-deletion-xss(10060)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10060.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0259.json b/2003/0xxx/CVE-2003-0259.json index e5c04d963d2..b804b64a6a4 100644 --- a/2003/0xxx/CVE-2003-0259.json +++ b/2003/0xxx/CVE-2003-0259.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0259", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0259", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml" - }, - { - "name" : "VU#317348", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/317348" - }, - { - "name" : "cisco-vpn-ssh-dos(11955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-vpn-ssh-dos(11955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11955" + }, + { + "name": "20030507 Cisco VPN 3000 Concentrator Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml" + }, + { + "name": "VU#317348", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/317348" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0532.json b/2003/0xxx/CVE-2003-0532.json index e532fe1887d..922e1db7dd2 100644 --- a/2003/0xxx/CVE-2003-0532.json +++ b/2003/0xxx/CVE-2003-0532.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html" - }, - { - "name" : "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106149026621753&w=2" - }, - { - "name" : "http://www.eeye.com/html/Research/Advisories/AD20030820.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/Research/Advisories/AD20030820.html" - }, - { - "name" : "MS03-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" - }, - { - "name" : "VU#865940", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/865940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#865940", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/865940" + }, + { + "name": "MS03-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" + }, + { + "name": "http://www.eeye.com/html/Research/Advisories/AD20030820.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/Research/Advisories/AD20030820.html" + }, + { + "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html" + }, + { + "name": "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106149026621753&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0552.json b/2003/0xxx/CVE-2003-0552.json index 21329c051c3..50b77e38ce4 100644 --- a/2003/0xxx/CVE-2003-0552.json +++ b/2003/0xxx/CVE-2003-0552.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:198", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html" - }, - { - "name" : "RHSA-2003:238", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html" - }, - { - "name" : "DSA-358", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-358" - }, - { - "name" : "DSA-423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-423" - }, - { - "name" : "RHSA-2003:239", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html" - }, - { - "name" : "oval:org.mitre.oval:def:385", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:238", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html" + }, + { + "name": "DSA-423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-423" + }, + { + "name": "RHSA-2003:198", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-198.html" + }, + { + "name": "RHSA-2003:239", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-239.html" + }, + { + "name": "DSA-358", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-358" + }, + { + "name": "oval:org.mitre.oval:def:385", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0831.json b/2003/0xxx/CVE-2003-0831.json index c56fcdceeef..b49c6123f3f 100644 --- a/2003/0xxx/CVE-2003-0831.json +++ b/2003/0xxx/CVE-2003-0831.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030923 ProFTPD ASCII File Remote Compromise Vulnerability", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/154" - }, - { - "name" : "20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106441655617816&w=2" - }, - { - "name" : "20031013 Remote root exploit for proftpd \\n bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106606885611269&w=2" - }, - { - "name" : "107", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/107/" - }, - { - "name" : "20031014 Another ProFTPd root EXPLOIT ?", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html" - }, - { - "name" : "MDKSA-2003:095", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095" - }, - { - "name" : "VU#405348", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/405348" - }, - { - "name" : "9829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9829" - }, - { - "name" : "proftpd-ascii-xfer-newline-bo(12200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031013 Remote root exploit for proftpd \\n bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106606885611269&w=2" + }, + { + "name": "20030923 ProFTPD ASCII File Remote Compromise Vulnerability", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/154" + }, + { + "name": "VU#405348", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/405348" + }, + { + "name": "proftpd-ascii-xfer-newline-bo(12200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200" + }, + { + "name": "107", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/107/" + }, + { + "name": "20031014 Another ProFTPd root EXPLOIT ?", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html" + }, + { + "name": "9829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9829" + }, + { + "name": "20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106441655617816&w=2" + }, + { + "name": "MDKSA-2003:095", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1084.json b/2003/1xxx/CVE-2003-1084.json index 0a3b08acdd1..9c702f4598a 100644 --- a/2003/1xxx/CVE-2003-1084.json +++ b/2003/1xxx/CVE-2003-1084.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/345417" - }, - { - "name" : "http://www.tildeslash.com/monit/dist/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tildeslash.com/monit/dist/CHANGES.txt" - }, - { - "name" : "GLSA-200403-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-14.xml" - }, - { - "name" : "VU#206382", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/206382" - }, - { - "name" : "9098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9098" - }, - { - "name" : "10280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10280" - }, - { - "name" : "monit-negative-content-dos(13818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tildeslash.com/monit/dist/CHANGES.txt", + "refsource": "CONFIRM", + "url": "http://www.tildeslash.com/monit/dist/CHANGES.txt" + }, + { + "name": "9098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9098" + }, + { + "name": "monit-negative-content-dos(13818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13818" + }, + { + "name": "GLSA-200403-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-14.xml" + }, + { + "name": "VU#206382", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/206382" + }, + { + "name": "10280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10280" + }, + { + "name": "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/345417" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1586.json b/2003/1xxx/CVE-2003-1586.json index b9061c58813..18ec64b32fc 100644 --- a/2003/1xxx/CVE-2003-1586.json +++ b/2003/1xxx/CVE-2003-1586.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313867" - }, - { - "name" : "webexpert-useragent-xss(56646)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webexpert-useragent-xss(56646)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56646" + }, + { + "name": "20030304 Log corruption on multiple webservers, log analyzers,...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313867" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0153.json b/2012/0xxx/CVE-2012-0153.json index efeed517780..96dc045957a 100644 --- a/2012/0xxx/CVE-2012-0153.json +++ b/2012/0xxx/CVE-2012-0153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0153", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-0153", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0873.json b/2012/0xxx/CVE-2012-0873.json index 022d6cf82f9..4dc940c8cff 100644 --- a/2012/0xxx/CVE-2012-0873.json +++ b/2012/0xxx/CVE-2012-0873.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120220 Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0107.html" - }, - { - "name" : "[oss-security] 20120220 Re: Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/20/11" - }, - { - "name" : "[oss-security] 20120221 Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/20/6" - }, - { - "name" : "http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss" - }, - { - "name" : "http://www.boonex.com/n/dolphin-7-0-8-released", - "refsource" : "CONFIRM", - "url" : "http://www.boonex.com/n/dolphin-7-0-8-released" - }, - { - "name" : "http://www.boonex.com/trac/dolphin/changeset/15282", - "refsource" : "CONFIRM", - "url" : "http://www.boonex.com/trac/dolphin/changeset/15282" - }, - { - "name" : "http://www.boonex.com/trac/dolphin/changeset/15283", - "refsource" : "CONFIRM", - "url" : "http://www.boonex.com/trac/dolphin/changeset/15283" - }, - { - "name" : "http://www.boonex.com/trac/dolphin/ticket/2530", - "refsource" : "CONFIRM", - "url" : "http://www.boonex.com/trac/dolphin/ticket/2530" - }, - { - "name" : "52088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120220 Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0107.html" + }, + { + "name": "http://www.boonex.com/n/dolphin-7-0-8-released", + "refsource": "CONFIRM", + "url": "http://www.boonex.com/n/dolphin-7-0-8-released" + }, + { + "name": "http://www.boonex.com/trac/dolphin/changeset/15282", + "refsource": "CONFIRM", + "url": "http://www.boonex.com/trac/dolphin/changeset/15282" + }, + { + "name": "http://www.boonex.com/trac/dolphin/changeset/15283", + "refsource": "CONFIRM", + "url": "http://www.boonex.com/trac/dolphin/changeset/15283" + }, + { + "name": "[oss-security] 20120220 Re: Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/20/11" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss" + }, + { + "name": "http://www.boonex.com/trac/dolphin/ticket/2530", + "refsource": "CONFIRM", + "url": "http://www.boonex.com/trac/dolphin/ticket/2530" + }, + { + "name": "52088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52088" + }, + { + "name": "[oss-security] 20120221 Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/20/6" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1215.json b/2012/1xxx/CVE-2012-1215.json index 1a4bc68b632..6494f3a01a1 100644 --- a/2012/1xxx/CVE-2012-1215.json +++ b/2012/1xxx/CVE-2012-1215.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a \"Create a group\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/109617/#comment-10344", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109617/#comment-10344" - }, - { - "name" : "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html" - }, - { - "name" : "http://support.yoono.com/yoono/topics/xss-w35in", - "refsource" : "CONFIRM", - "url" : "http://support.yoono.com/yoono/topics/xss-w35in" - }, - { - "name" : "51970", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51970" - }, - { - "name" : "yoonofirefoxextension-addfriends-xss(73150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a \"Create a group\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html" + }, + { + "name": "http://support.yoono.com/yoono/topics/xss-w35in", + "refsource": "CONFIRM", + "url": "http://support.yoono.com/yoono/topics/xss-w35in" + }, + { + "name": "51970", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51970" + }, + { + "name": "yoonofirefoxextension-addfriends-xss(73150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73150" + }, + { + "name": "http://packetstormsecurity.org/files/109617/#comment-10344", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109617/#comment-10344" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1226.json b/2012/1xxx/CVE-2012-1226.json index 7944406be00..436925f172d 100644 --- a/2012/1xxx/CVE-2012-1226.json +++ b/2012/1xxx/CVE-2012-1226.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120210 Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/521583" - }, - { - "name" : "20120227 Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0168.html" - }, - { - "name" : "18480", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18480" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=428", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=428" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417" - }, - { - "name" : "dolibarr-multiple-file-include(73136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=428", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=428" + }, + { + "name": "20120210 Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/521583" + }, + { + "name": "20120227 Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0168.html" + }, + { + "name": "18480", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18480" + }, + { + "name": "dolibarr-multiple-file-include(73136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73136" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3617.json b/2012/3xxx/CVE-2012-3617.json index 35b350e6298..c96984a954e 100644 --- a/2012/3xxx/CVE-2012-3617.json +++ b/2012/3xxx/CVE-2012-3617.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85410", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85410" - }, - { - "name" : "oval:org.mitre.oval:def:17184", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17184" - }, - { - "name" : "apple-itunes-webkit-cve20123617(78547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "apple-itunes-webkit-cve20123617(78547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78547" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:17184", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17184" + }, + { + "name": "85410", + "refsource": "OSVDB", + "url": "http://osvdb.org/85410" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4171.json b/2012/4xxx/CVE-2012-4171.json index 780269b9303..883d503161f 100644 --- a/2012/4xxx/CVE-2012-4171.json +++ b/2012/4xxx/CVE-2012-4171.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-4171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-19.html" - }, - { - "name" : "55365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55365" - }, - { - "name" : "adobe-flash-air-logic-dos(78226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55365" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-19.html" + }, + { + "name": "adobe-flash-air-logic-dos(78226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78226" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4869.json b/2012/4xxx/CVE-2012-4869.json index 664359b6ea8..b7d2cbc0502 100644 --- a/2012/4xxx/CVE-2012-4869.json +++ b/2012/4xxx/CVE-2012-4869.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18649", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18649" - }, - { - "name" : "18659", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18659" - }, - { - "name" : "20120320 FreePBX remote command execution, xss", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Mar/234" - }, - { - "name" : "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html" - }, - { - "name" : "http://www.freepbx.org/trac/ticket/5711", - "refsource" : "CONFIRM", - "url" : "http://www.freepbx.org/trac/ticket/5711" - }, - { - "name" : "52630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52630" - }, - { - "name" : "48463", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48463" - }, - { - "name" : "freepbx-callmepage-command-exec(74174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18649", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18649" + }, + { + "name": "18659", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18659" + }, + { + "name": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html" + }, + { + "name": "20120320 FreePBX remote command execution, xss", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Mar/234" + }, + { + "name": "48463", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48463" + }, + { + "name": "52630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52630" + }, + { + "name": "freepbx-callmepage-command-exec(74174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74174" + }, + { + "name": "http://www.freepbx.org/trac/ticket/5711", + "refsource": "CONFIRM", + "url": "http://www.freepbx.org/trac/ticket/5711" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4899.json b/2012/4xxx/CVE-2012-4899.json index f0d645e26db..e73a26ef9a8 100644 --- a/2012/4xxx/CVE-2012-4899.json +++ b/2012/4xxx/CVE-2012-4899.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-02.pdf" - }, - { - "name" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653", - "refsource" : "MISC", - "url" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653", + "refsource": "MISC", + "url": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-02.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4922.json b/2012/4xxx/CVE-2012-4922.json index 457b6ddb7b1..ccab550ebd4 100644 --- a/2012/4xxx/CVE-2012-4922.json +++ b/2012/4xxx/CVE-2012-4922.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120912 CVE id request: tor", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/09/12/5" - }, - { - "name" : "[tor-talk] 20120912 Tor 0.2.3.22-rc is out", - "refsource" : "MLIST", - "url" : "https://lists.torproject.org/pipermail/tor-talk/2012-September/025501.html" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes" - }, - { - "name" : "https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/6811", - "refsource" : "CONFIRM", - "url" : "https://trac.torproject.org/projects/tor/ticket/6811" - }, - { - "name" : "FEDORA-2012-14638", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html" - }, - { - "name" : "GLSA-201301-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-03.xml" - }, - { - "name" : "openSUSE-SU-2012:1278", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201301-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-03.xml" + }, + { + "name": "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/6811", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/6811" + }, + { + "name": "[oss-security] 20120912 CVE id request: tor", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/09/12/5" + }, + { + "name": "FEDORA-2012-14638", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html" + }, + { + "name": "https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404" + }, + { + "name": "[tor-talk] 20120912 Tor 0.2.3.22-rc is out", + "refsource": "MLIST", + "url": "https://lists.torproject.org/pipermail/tor-talk/2012-September/025501.html" + }, + { + "name": "openSUSE-SU-2012:1278", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2361.json b/2017/2xxx/CVE-2017-2361.json index 4132459aa70..58f9c1b14c0 100644 --- a/2017/2xxx/CVE-2017-2361.json +++ b/2017/2xxx/CVE-2017-2361.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41443", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41443/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040" - }, - { - "name" : "https://support.apple.com/HT207483", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207483" - }, - { - "name" : "95723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95723" - }, - { - "name" : "1037671", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207483", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207483" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1040" + }, + { + "name": "41443", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41443/" + }, + { + "name": "1037671", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037671" + }, + { + "name": "95723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95723" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2369.json b/2017/2xxx/CVE-2017-2369.json index d35681d5104..019c47acd90 100644 --- a/2017/2xxx/CVE-2017-2369.json +++ b/2017/2xxx/CVE-2017-2369.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41215", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41215/" - }, - { - "name" : "https://support.apple.com/HT207482", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207482" - }, - { - "name" : "https://support.apple.com/HT207484", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207484" - }, - { - "name" : "https://support.apple.com/HT207485", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207485" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "95727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95727" - }, - { - "name" : "1037668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95727" + }, + { + "name": "https://support.apple.com/HT207485", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207485" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "41215", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41215/" + }, + { + "name": "https://support.apple.com/HT207484", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207484" + }, + { + "name": "https://support.apple.com/HT207482", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207482" + }, + { + "name": "1037668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037668" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2706.json b/2017/2xxx/CVE-2017-2706.json index a456b240dac..4d3b98cd7d4 100644 --- a/2017/2xxx/CVE-2017-2706.json +++ b/2017/2xxx/CVE-2017-2706.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate 9", - "version" : { - "version_data" : [ - { - "version_value" : "MHA-AL00AC00B125" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate 9", + "version": { + "version_data": [ + { + "version_value": "MHA-AL00AC00B125" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-01-push-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2809.json b/2017/2xxx/CVE-2017-2809.json index ecf23e7aaac..f4fb43c93ee 100644 --- a/2017/2xxx/CVE-2017-2809.json +++ b/2017/2xxx/CVE-2017-2809.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-09-14T00:00:00", - "ID" : "CVE-2017-2809", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ansible-vault", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "Tomohiro Nakamura" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-09-14T00:00:00", + "ID": "CVE-2017-2809", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ansible-vault", + "version": { + "version_data": [ + { + "version_value": "1.0.4" + } + ] + } + } + ] + }, + "vendor_name": "Tomohiro Nakamura" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305" - }, - { - "name" : "https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt" - }, - { - "name" : "https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04", - "refsource" : "CONFIRM", - "url" : "https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04" - }, - { - "name" : "https://github.com/tomoh1r/ansible-vault/issues/4", - "refsource" : "CONFIRM", - "url" : "https://github.com/tomoh1r/ansible-vault/issues/4" - }, - { - "name" : "100824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/tomoh1r/ansible-vault/blob/v1.0.5/CHANGES.txt" + }, + { + "name": "https://github.com/tomoh1r/ansible-vault/issues/4", + "refsource": "CONFIRM", + "url": "https://github.com/tomoh1r/ansible-vault/issues/4" + }, + { + "name": "https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04", + "refsource": "CONFIRM", + "url": "https://github.com/tomoh1r/ansible-vault/commit/3f8f659ef443ab870bb19f95d43543470168ae04" + }, + { + "name": "100824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100824" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0305" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3123.json b/2017/3xxx/CVE-2017-3123.json index 003e1c55100..c834bc3a59e 100644 --- a/2017/3xxx/CVE-2017-3123.json +++ b/2017/3xxx/CVE-2017-3123.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-3123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-3123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100179" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100179" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3261.json b/2017/3xxx/CVE-2017-3261.json index 1d8316b49c2..a9f333ab043 100644 --- a/2017/3xxx/CVE-2017-3261.json +++ b/2017/3xxx/CVE-2017-3261.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111", - "version" : { - "version_data" : [ - { - "version_value" : "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111", + "version": { + "version_data": [ + { + "version_value": "Java JavaSE:6u131;7u121;8u112;JavaSEEmbedded:8u111" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170119-0001/" - }, - { - "name" : "DSA-3782", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3782" - }, - { - "name" : "GLSA-201701-65", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-65" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" - }, - { - "name" : "RHSA-2017:0175", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0175.html" - }, - { - "name" : "RHSA-2017:0176", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0176.html" - }, - { - "name" : "RHSA-2017:0177", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0177.html" - }, - { - "name" : "RHSA-2017:0180", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0180.html" - }, - { - "name" : "RHSA-2017:0263", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0263.html" - }, - { - "name" : "RHSA-2017:0269", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0269.html" - }, - { - "name" : "RHSA-2017:0336", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0336.html" - }, - { - "name" : "RHSA-2017:0337", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0337.html" - }, - { - "name" : "RHSA-2017:0338", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0338.html" - }, - { - "name" : "RHSA-2017:1216", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "name" : "95566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95566" - }, - { - "name" : "1037637", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0338", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" + }, + { + "name": "DSA-3782", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3782" + }, + { + "name": "RHSA-2017:0176", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html" + }, + { + "name": "GLSA-201701-65", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-65" + }, + { + "name": "RHSA-2017:0180", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html" + }, + { + "name": "1037637", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037637" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + }, + { + "name": "RHSA-2017:0175", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html" + }, + { + "name": "95566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95566" + }, + { + "name": "RHSA-2017:0177", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html" + }, + { + "name": "RHSA-2017:0263", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html" + }, + { + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" + }, + { + "name": "RHSA-2017:0269", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "RHSA-2017:0337", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" + }, + { + "name": "RHSA-2017:0336", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3411.json b/2017/3xxx/CVE-2017-3411.json index f9a48cccc5b..310d7591cbc 100644 --- a/2017/3xxx/CVE-2017-3411.json +++ b/2017/3xxx/CVE-2017-3411.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3572.json b/2017/3xxx/CVE-2017-3572.json index a94cd629772..588b1dc5a3b 100644 --- a/2017/3xxx/CVE-2017-3572.json +++ b/2017/3xxx/CVE-2017-3572.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Commerce Guided Search / Oracle Commerce Experience Manager", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "6.2.2" - }, - { - "version_affected" : "=", - "version_value" : "6.3.0" - }, - { - "version_affected" : "=", - "version_value" : "6.4.1.2" - }, - { - "version_affected" : "=", - "version_value" : "6.5.0" - }, - { - "version_affected" : "=", - "version_value" : "6.5.1" - }, - { - "version_affected" : "=", - "version_value" : "6.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: MDEX). Supported versions that are affected are 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1 and 6.5.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search / Oracle Commerce Experience Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search / Oracle Commerce Experience Manager." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Guided Search / Oracle Commerce Experience Manager", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "6.2.2" + }, + { + "version_affected": "=", + "version_value": "6.3.0" + }, + { + "version_affected": "=", + "version_value": "6.4.1.2" + }, + { + "version_affected": "=", + "version_value": "6.5.0" + }, + { + "version_affected": "=", + "version_value": "6.5.1" + }, + { + "version_affected": "=", + "version_value": "6.5.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: MDEX). Supported versions that are affected are 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1 and 6.5.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search / Oracle Commerce Experience Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Commerce Guided Search / Oracle Commerce Experience Manager." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97721" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6352.json b/2017/6xxx/CVE-2017-6352.json index 0f6d84073e2..00b0553e5a9 100644 --- a/2017/6xxx/CVE-2017-6352.json +++ b/2017/6xxx/CVE-2017-6352.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6352", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6352", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6394.json b/2017/6xxx/CVE-2017-6394.json index 75fcf1462e5..6ec5ca5aa04 100644 --- a/2017/6xxx/CVE-2017-6394.json +++ b/2017/6xxx/CVE-2017-6394.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the \"openemr-master/gacl/admin/object_search.php\" URL (section_value; src_form). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openemr/openemr/issues/498", - "refsource" : "MISC", - "url" : "https://github.com/openemr/openemr/issues/498" - }, - { - "name" : "96539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96539" - }, - { - "name" : "96576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the \"openemr-master/gacl/admin/object_search.php\" URL (section_value; src_form). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96576" + }, + { + "name": "96539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96539" + }, + { + "name": "https://github.com/openemr/openemr/issues/498", + "refsource": "MISC", + "url": "https://github.com/openemr/openemr/issues/498" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6561.json b/2017/6xxx/CVE-2017-6561.json index aaa60c76736..f59eef60907 100644 --- a/2017/6xxx/CVE-2017-6561.json +++ b/2017/6xxx/CVE-2017-6561.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/141507/Agora-Project-3.2.2-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/141507/Agora-Project-3.2.2-Cross-Site-Scripting.html" - }, - { - "name" : "96940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96940" + }, + { + "name": "https://packetstormsecurity.com/files/141507/Agora-Project-3.2.2-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/141507/Agora-Project-3.2.2-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6650.json b/2017/6xxx/CVE-2017-6650.json index d938b464316..ff0541d0faf 100644 --- a/2017/6xxx/CVE-2017-6650.json +++ b/2017/6xxx/CVE-2017-6650.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Nexus Series Switches", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Nexus Series Switches" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Nexus Series Switches", + "version": { + "version_data": [ + { + "version_value": "Cisco Nexus Series Switches" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1" - }, - { - "name" : "98528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98528" - }, - { - "name" : "1038518", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into the Telnet CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86771." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038518", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038518" + }, + { + "name": "98528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98528" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss1" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7189.json b/2017/7xxx/CVE-2017-7189.json index 403460f33a1..33b4abee2e3 100644 --- a/2017/7xxx/CVE-2017-7189.json +++ b/2017/7xxx/CVE-2017-7189.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7189", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7189", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7524.json b/2017/7xxx/CVE-2017-7524.json index 749bf5c6ef5..2cb5d67252d 100644 --- a/2017/7xxx/CVE-2017-7524.json +++ b/2017/7xxx/CVE-2017-7524.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-7524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tpm2-tools", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "TPM 2.0 Tools" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-522" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "tpm2-tools", + "version": { + "version_data": [ + { + "version_value": "before 1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "TPM 2.0 Tools" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157", - "refsource" : "CONFIRM", - "url" : "https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-522" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157", + "refsource": "CONFIRM", + "url": "https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7745.json b/2017/7xxx/CVE-2017-7745.json index bbf2d51622f..d03f34d3ffb 100644 --- a/2017/7xxx/CVE-2017-7745.json +++ b/2017/7xxx/CVE-2017-7745.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-20.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-20.html" - }, - { - "name" : "97627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-20.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-20.html" + }, + { + "name": "97627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97627" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10264.json b/2018/10xxx/CVE-2018-10264.json index ecf762dee86..3602c7817be 100644 --- a/2018/10xxx/CVE-2018-10264.json +++ b/2018/10xxx/CVE-2018-10264.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10264", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10264", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10298.json b/2018/10xxx/CVE-2018-10298.json index 2745a3bc298..855912f7280 100644 --- a/2018/10xxx/CVE-2018-10298.json +++ b/2018/10xxx/CVE-2018-10298.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/", - "refsource" : "MISC", - "url" : "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/", + "refsource": "MISC", + "url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10641.json b/2018/10xxx/CVE-2018-10641.json index 8c92640ad6f..71a93e84658 100644 --- a/2018/10xxx/CVE-2018-10641.json +++ b/2018/10xxx/CVE-2018-10641.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://advancedpersistentsecurity.net/cve-2018-10641/", - "refsource" : "MISC", - "url" : "https://advancedpersistentsecurity.net/cve-2018-10641/" - }, - { - "name" : "https://gist.github.com/jocephus/806ff4679cf54af130d69777a551f819", - "refsource" : "MISC", - "url" : "https://gist.github.com/jocephus/806ff4679cf54af130d69777a551f819" - }, - { - "name" : "https://www.peerlyst.com/posts/vulnerability-disclosure-insecure-authentication-practices-in-d-link-router-cve-2018-10641-joe-gray", - "refsource" : "MISC", - "url" : "https://www.peerlyst.com/posts/vulnerability-disclosure-insecure-authentication-practices-in-d-link-router-cve-2018-10641-joe-gray" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.peerlyst.com/posts/vulnerability-disclosure-insecure-authentication-practices-in-d-link-router-cve-2018-10641-joe-gray", + "refsource": "MISC", + "url": "https://www.peerlyst.com/posts/vulnerability-disclosure-insecure-authentication-practices-in-d-link-router-cve-2018-10641-joe-gray" + }, + { + "name": "https://advancedpersistentsecurity.net/cve-2018-10641/", + "refsource": "MISC", + "url": "https://advancedpersistentsecurity.net/cve-2018-10641/" + }, + { + "name": "https://gist.github.com/jocephus/806ff4679cf54af130d69777a551f819", + "refsource": "MISC", + "url": "https://gist.github.com/jocephus/806ff4679cf54af130d69777a551f819" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14760.json b/2018/14xxx/CVE-2018-14760.json index 63641d32b94..9b25782253c 100644 --- a/2018/14xxx/CVE-2018-14760.json +++ b/2018/14xxx/CVE-2018-14760.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14760", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14760", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14764.json b/2018/14xxx/CVE-2018-14764.json index 429531ab927..d9a40c3eaf7 100644 --- a/2018/14xxx/CVE-2018-14764.json +++ b/2018/14xxx/CVE-2018-14764.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14764", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14764", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14897.json b/2018/14xxx/CVE-2018-14897.json index 58995ce2931..354b2ea999d 100644 --- a/2018/14xxx/CVE-2018-14897.json +++ b/2018/14xxx/CVE-2018-14897.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14897", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14897", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17458.json b/2018/17xxx/CVE-2018-17458.json index 1e2d8018864..8002a245232 100644 --- a/2018/17xxx/CVE-2018-17458.json +++ b/2018/17xxx/CVE-2018-17458.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "69.0.3497.92" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "69.0.3497.92" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/875322", - "refsource" : "MISC", - "url" : "https://crbug.com/875322" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html" - }, - { - "name" : "RHSA-2018:2818", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/875322", + "refsource": "MISC", + "url": "https://crbug.com/875322" + }, + { + "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html" + }, + { + "name": "RHSA-2018:2818", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2818" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17678.json b/2018/17xxx/CVE-2018-17678.json index c188826c333..f9e705d3df0 100644 --- a/2018/17xxx/CVE-2018-17678.json +++ b/2018/17xxx/CVE-2018-17678.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoNamedDest method of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6851." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1172/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1172/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the gotoNamedDest method of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6851." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1172/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1172/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20125.json b/2018/20xxx/CVE-2018-20125.json index 367338467f3..98c24127c01 100644 --- a/2018/20xxx/CVE-2018-20125.json +++ b/2018/20xxx/CVE-2018-20125.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20181219 CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory allocation when creating QP/CQ", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/12/19/3" - }, - { - "name" : "[qemu-devel] 20181213 [PATCH v2 3/6] pvrdma: check number of pages when creating rings", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html" - }, - { - "name" : "106298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20181219 CVE-2018-20125 QEMU: pvrdma: null dereference or excessive memory allocation when creating QP/CQ", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/12/19/3" + }, + { + "name": "106298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106298" + }, + { + "name": "[qemu-devel] 20181213 [PATCH v2 3/6] pvrdma: check number of pages when creating rings", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20155.json b/2018/20xxx/CVE-2018-20155.json index 53b7fbe0b1d..12aedd7ae09 100644 --- a/2018/20xxx/CVE-2018-20155.json +++ b/2018/20xxx/CVE-2018-20155.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/", - "refsource" : "MISC", - "url" : "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/", + "refsource": "MISC", + "url": "https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20202.json b/2018/20xxx/CVE-2018-20202.json index c737cb59f3f..b5dc7cfb786 100644 --- a/2018/20xxx/CVE-2018-20202.json +++ b/2018/20xxx/CVE-2018-20202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20398.json b/2018/20xxx/CVE-2018-20398.json index fd4b1d33de3..65e6ca580c5 100644 --- a/2018/20xxx/CVE-2018-20398.json +++ b/2018/20xxx/CVE-2018-20398.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", - "refsource" : "MISC", - "url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" - }, - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", + "refsource": "MISC", + "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv" + }, + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20423.json b/2018/20xxx/CVE-2018-20423.json index d3373c97980..809f4380480 100644 --- a/2018/20xxx/CVE-2018-20423.json +++ b/2018/20xxx/CVE-2018-20423.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a \"disabled registration\" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI", - "refsource" : "MISC", - "url" : "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a \"disabled registration\" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI", + "refsource": "MISC", + "url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9100.json b/2018/9xxx/CVE-2018-9100.json index 4f29214d3d1..beb756511e9 100644 --- a/2018/9xxx/CVE-2018-9100.json +++ b/2018/9xxx/CVE-2018-9100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9129.json b/2018/9xxx/CVE-2018-9129.json index 4173b377e19..56299eb8352 100644 --- a/2018/9xxx/CVE-2018-9129.json +++ b/2018/9xxx/CVE-2018-9129.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html", - "refsource" : "MISC", - "url" : "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html" - }, - { - "name" : "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf" - }, - { - "name" : "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml", - "refsource" : "CONFIRM", - "url" : "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html", + "refsource": "MISC", + "url": "https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on-ipsec-ike.html" + }, + { + "name": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf", + "refsource": "CONFIRM", + "url": "ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32(AAPH.0)C0_2.pdf" + }, + { + "name": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml", + "refsource": "CONFIRM", + "url": "https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9203.json b/2018/9xxx/CVE-2018-9203.json index c127cc65ead..2a3b5c9761c 100644 --- a/2018/9xxx/CVE-2018-9203.json +++ b/2018/9xxx/CVE-2018-9203.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9203", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9203", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9896.json b/2018/9xxx/CVE-2018-9896.json index 39018265540..9b1c5329be0 100644 --- a/2018/9xxx/CVE-2018-9896.json +++ b/2018/9xxx/CVE-2018-9896.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9896", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9896", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9923.json b/2018/9xxx/CVE-2018-9923.json index 0af1db4cec9..c04f4eed1bf 100644 --- a/2018/9xxx/CVE-2018-9923.json +++ b/2018/9xxx/CVE-2018-9923.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/idreamsoft/iCMS/issues/17", - "refsource" : "MISC", - "url" : "https://github.com/idreamsoft/iCMS/issues/17" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/idreamsoft/iCMS/issues/17", + "refsource": "MISC", + "url": "https://github.com/idreamsoft/iCMS/issues/17" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9972.json b/2018/9xxx/CVE-2018-9972.json index 1296854026e..e376fc137b2 100644 --- a/2018/9xxx/CVE-2018-9972.json +++ b/2018/9xxx/CVE-2018-9972.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5755." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-356", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-356" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5755." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-356", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-356" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file